author | Suren A. Chilingaryan <csa@suren.me> | 2018-02-28 23:46:55 +0100 |
---|---|---|
committer | Suren A. Chilingaryan <csa@suren.me> | 2018-02-28 23:46:55 +0100 |
commit | 1f3e2a9f59e83dc3f0fcbecf096a7e7b40d36ed7 (patch) | |
tree | c75d04456ab3593442734bec3d84c90e4b973f27 | |
parent | fe4622305efa55e6bec8221efe8fc4bdd5462136 (diff) | |
First running prototype
105 files changed, 508 insertions, 3027 deletions
diff --git a/.gitmodules b/.gitmodules
index 2a57e55..1401d9b 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "anslib/openshift-ansible"]
 path = anslib/openshift-ansible
 url = https://github.com/openshift/openshift-ansible.git
+[submodule "anslib/ansible-ghetto-json"]
+ path = anslib/ansible-ghetto-json
+ url = https://github.com/FauxFaux/ansible-ghetto-json.git
diff --git a/anslib/ansible-ghetto-json b/anslib/ansible-ghetto-json
new file mode 160000
+Subproject a09b9fc089cada6172f9401ba4eaf48f89452c6
diff --git a/anslib/openshift-ansible b/anslib/openshift-ansible
-Subproject ec3bc59ab20c4c21b7cfd27065c1a9b811bd951
+Subproject a46273949c39d6bd20ee65eb89aa96a73ffe9ae
diff --git a/anslib/patches/openshift-ds-allow-upgrade-to-371.patch b/anslib/patches/openshift-ds-allow-upgrade-to-371.patch
new file mode 100644
index 0000000..2bae14e
--- /dev/null
+++ b/anslib/patches/openshift-ds-allow-upgrade-to-371.patch
@@ -0,0 +1,45 @@
+diff --git a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
+index cc2ec27..6c4ccf8 100644
+--- a/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
++++ b/playbooks/common/openshift-cluster/upgrades/v3_7/upgrade.yml
+@@ -12,7 +12,7 @@
+ - pre_upgrade
+ tasks:
+ - set_fact:
+- openshift_upgrade_target: '3.7'
++ openshift_upgrade_target: '3.7.1'
+ openshift_upgrade_min: '3.6'
+
+ - import_playbook: ../pre/config.yml
+diff --git a/roles/openshift_repos/templates/CentOS-OpenShift-Origin371.repo.j2 b/roles/openshift_repos/templates/CentOS-OpenShift-Origin371.repo.j2
+new file mode 100644
+index 0000000..3118c7c
+--- /dev/null
++++ b/roles/openshift_repos/templates/CentOS-OpenShift-Origin371.repo.j2
+@@ -0,0 +1,26 @@
++[centos-openshift-origin371]
++name=CentOS OpenShift Origin
++baseurl=http://ufo.kit.edu/ands/repos/openshift74/
++enabled=1
++gpgcheck=0
++
++[centos-openshift-origin37-testing]
++name=CentOS OpenShift Origin Testing
++baseurl=http://buildlogs.centos.org/centos/7/paas/x86_64/openshift-origin37/
++enabled={{ 1 if openshift_repos_enable_testing else 0 }}
++gpgcheck=0
++gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
++
++[centos-openshift-origin37-debuginfo]
++name=CentOS OpenShift Origin DebugInfo
++baseurl=http://debuginfo.centos.org/centos/7/paas/x86_64/
++enabled=0
++gpgcheck=1
++gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
++
++[centos-openshift-origin37-source]
++name=CentOS OpenShift Origin Source
++baseurl=http://vault.centos.org/centos/7/paas/Source/openshift-origin37/
++enabled=0
++gpgcheck=1
++gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-PaaS
diff --git a/group_vars/OSEv3.yml b/group_vars/OSEv3.yml
index 1636c6d..537e5d7 100644
--- a/group_vars/OSEv3.yml
+++ b/group_vars/OSEv3.yml
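Review bot: The new `[centos-openshift-origin371]` section in CentOS-OpenShift-Origin371.repo.j2 is enabled with `gpgcheck=0` and a plain `http://` baseurl, so packages installed on cluster hosts from it are neither signature-checked nor fetched over an authenticated channel. The same pairing appears in the `yum_repository` task added to roles/common/tasks/main.yml (`gpgcheck="no"`, fed by `ands_repo_url: http://ufo.kit.edu/ands/repos` from group_vars/ands.yml). The testing section sets a `gpgkey=` but leaves `gpgcheck=0`, so that key is never consulted. I would sign the locally built RPMs and set `gpgcheck=1` with `gpgkey=file:///etc/pki/rpm-gpg/<ANDS-REPO-KEY>` (placeholder name). I would also serve the repository over HTTPS if the host offers it, which the page does not show.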
@@ -105,3 +105,6 @@ openshift_install_examples: true # Required for IPFailover openshift_clock_enabled: true + +#This is required by OpenShift upgrade (may be something else) +g_ssh_user: "{{ ansible_ssh_user }}" diff --git a/group_vars/all.yml b/group_vars/all.yml index 1a1d11f..aef2251 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -2,5 +2,3 @@ ansible_ssh_user: root ansible_ssh_private_key_file: /home/csa/.ssh/id_dsa glusterfs_version: 312 -#This is required by OpenShift upgrade (may be something else) -g_ssh_user: "{{ ansible_ssh_user }}" diff --git a/group_vars/ands.yml b/group_vars/ands.yml index d3121c1..d9639f3 100644 --- a/group_vars/ands.yml +++ b/group_vars/ands.yml @@ -3,3 +3,8 @@ #ands_master_id: "{{ ('masters' in group_names) | ternary(groups.masters.index(('masters' in group_names) | ternary(inventory_hostname, groups.masters[0])), -1) }}" ands_storage_hostname: "{{ ands_storage_network | default(false) | ternary(ands_storage_network | default('') | ipaddr(ands_host_id) | ipaddr('address'), ansible_fqdn) }}" ands_configure_heketi: false + +ands_repo_url: http://ufo.kit.edu/ands/repos +ands_repositories: + - name: ands-updates + url: "{{ ands_repo_url }}/centos74/" diff --git a/library/ghetto_json b/library/ghetto_json new file mode 120000 index 0000000..9a303be --- /dev/null +++ b/library/ghetto_json @@ -0,0 +1 @@ +../anslib/ansible-ghetto-json/ghetto_json
\ No newline at end of file @@ -34,8 +34,9 @@ Actions: Configuration of new resources, etc. users - configure user roles & passwords - storage - reconfigure Gluster and OpenShift volumes + storage - reconfigures Gluster and OpenShift volumes projects - reconfigures OpenShift resources if necessary + project <name> - reconfigures a single OpenShift namespace vpn - reconfigure VPN tunnels certs - re-generate OpenShift x509 certificates check - check current setup and report if any maintenace should be peformed diff --git a/playbooks/library b/playbooks/library new file mode 120000 index 0000000..d6bf720 --- /dev/null +++ b/playbooks/library @@ -0,0 +1 @@ +../library/
\ No newline at end of file diff --git a/playbooks/openshift-setup-project.yml b/playbooks/openshift-setup-project.yml new file mode 100644 index 0000000..ab95933 --- /dev/null +++ b/playbooks/openshift-setup-project.yml @@ -0,0 +1,13 @@ +- name: Configure users & user projects + hosts: masters + roles: + - { role: ands_facts } + +- name: "Configure project {{ kaas_single_project }}" + hosts: masters + roles: + - { role: ands_kaas } + vars: + kaas_openshift_volumes: "{{ ands_openshift_volumes }}" + kaas_projects: "{{ ands_openshift_projects.keys() }}" + kaas_single_project: "{{ ands_configure_project }}" diff --git a/roles/ands_kaas/defaults/main.yml b/roles/ands_kaas/defaults/main.yml index 3835453..b2bfaf5 100644 --- a/roles/ands_kaas/defaults/main.yml +++ b/roles/ands_kaas/defaults/main.yml @@ -4,8 +4,16 @@ kaas_projects: "{{ ands_openshift_projects.keys() }}" kaas_template_root: "{{ ands_paths.provision }}/kaas/" kaas_glusterfs_endpoints: gfs -kaas_openshift_volumes: "{{ ands_openshift_volumes }}" +kaas_openshift_volumes: "{{ ands_openshift_volumes | default({}) }}" +kaas_openshift_files: "{{ ands_openshift_files | default([]) }}" + +kaas_openshift_uids: "{{ ands_openshift_uids | default({}) }}" +kaas_openshift_gids: "{{ ands_openshift_gids | default({}) }}" +kaas_openshift_gid_ranges: "{{ ands_openshift_gid_ranges | default({}) }}" + kaas_default_volume_capacity: "1Ti" kaas_default_file_owner: root kaas_default_file_group: root + +kaas_pod_history_limit: 1 diff --git a/roles/ands_kaas/tasks/do_project.yml b/roles/ands_kaas/tasks/do_project.yml index a876d94..4fac6c6 100644 --- a/roles/ands_kaas/tasks/do_project.yml +++ b/roles/ands_kaas/tasks/do_project.yml 
@@ -6,13 +6,15 @@ include_tasks: volume.yml run_once: true # delegate_to: "{{ groups.masters[0] }}" - with_dict: "{{ kaas_project_config.volumes | default(kaas_openshift_volumes) }}" + with_dict: "{{ kaas_project_volumes }}" loop_control: loop_var: osv vars: query: "[*].volumes.{{osv.value.volume}}.mount" mntpath: "{{ (ands_storage_domains | json_query(query)) }}" - path: "{{ mntpath[0] ~ (osv.value.path | default('')) }}" + osvpath: "{{ osv.value.path | default('') }}" + prefix: "{{ ( osvpath[:1] == '/' ) | ternary('', '/' ~ kaas_project ~ '/') }}" + path: "{{ mntpath[0] ~ prefix ~ osvpath }}" name: "{{osv.key}}" volume: "{{osv.value}}" when: ( mntpath | length ) > 0 @@ -29,19 +31,19 @@ include_tasks: file.yml run_once: true # delegate_to: "{{ groups.masters[0] }}" - with_items: "{{ kaas_project_config.files | default(ands_openshift_files) }}" + with_items: "{{ kaas_project_config.files | default(kaas_openshift_files) | default([]) }}" loop_control: loop_var: file vars: pvar: "kaas_{{ file.osv }}_path" path: "{{ hostvars[inventory_hostname][pvar] }}/{{ file.path }}" - when: file.osv in ( kaas_project_config.volumes | default(kaas_openshift_volumes) ) + when: file.osv in kaas_project_volumes - name: Load OpenSSL keys include_tasks: keys.yml # delegate_to: "{{ groups.masters[0] }}" run_once: true - with_dict: "{{ kaas_project_config.pods }}" + with_dict: "{{ kaas_project_config.pods | default({}) }}" loop_control: loop_var: pod @@ -57,5 +59,4 @@ run_once: true when: - kaas_project_config.oc is undefined - - kaas_project_config.pods != {} diff --git a/roles/ands_kaas/tasks/file.yml b/roles/ands_kaas/tasks/file.yml index e6b2e8d..a839473 100644 --- a/roles/ands_kaas/tasks/file.yml +++ b/roles/ands_kaas/tasks/file.yml 
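Review bot: The new `prefix`/`path` variables in do_project.yml confine a volume to `/<kaas_project>/` only when `osv.value.path` does not begin with `/`, and nothing rejects `..` components. A `volumes` or `extra_volumes` entry with `path: "/"` or `path: "../other"` therefore resolves outside the project's own subdirectory of the Gluster mount. The same rule is repeated in roles/ands_kaas/templates/00-gfs-volumes.yml.j2, where it decides the PersistentVolume `path`. If per-project vars are edited by project owners rather than cluster admins (not visible here), this weakens isolation between namespaces. I would honour absolute paths only for entries coming from `kaas_openshift_volumes` and extend the condition to `when: (( mntpath | length ) > 0) and not (osvpath | regex_search('(^|/)\.\.(/|$)'))`; the task itself begins above the hunk.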
@@ -3,15 +3,15 @@ set_fact: group="{{ file.group | default(kaas_project_config.file_group | default(ands_default_file_group)) }}" - name : Resolve project groups - set_fact: group="{{ (kaas_project_config.gids | default(ands_openshift_gids))[group].id }}" - when: group in ( kaas_project_config.gids | default(ands_openshift_gids) ) + set_fact: group="{{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }}" + when: group in ( kaas_project_config.gids | default(kaas_openshift_gids) ) - name: Set owner set_fact: owner="{{ file.owner | default(kaas_project_config.file_owner | default(ands_default_file_owner)) }}" - name : Resolve project uids - set_fact: owner="{{ (kaas_project_config.uids | default(ands_openshift_uids) )[owner].id }}" - when: owner in ( kaas_project_config.uids | default(ands_openshift_uids) ) + set_fact: owner="{{ (kaas_project_config.uids | default(kaas_openshift_uids) )[owner].id }}" + when: owner in ( kaas_project_config.uids | default(kaas_openshift_uids) ) - name: "Setting up files in {{ path }}" file: diff --git a/roles/ands_kaas/tasks/main.yml b/roles/ands_kaas/tasks/main.yml index 0931f80..85110cb 100644 --- a/roles/ands_kaas/tasks/main.yml +++ b/roles/ands_kaas/tasks/main.yml @@ -4,7 +4,7 @@ include_tasks: project.yml run_once: true # delegate_to: "{{ groups.masters[0] }}" - with_items: "{{ kaas_projects }}" + with_items: "{{ (kaas_single_project is defined) | ternary([kaas_single_project], kaas_projects) }}" loop_control: loop_var: kaas_project vars: diff --git a/roles/ands_kaas/tasks/project.yml b/roles/ands_kaas/tasks/project.yml index 40b5180..f7eb1df 100644 --- a/roles/ands_kaas/tasks/project.yml +++ b/roles/ands_kaas/tasks/project.yml 
@@ -1,11 +1,15 @@ --- - name: Load global variables include_vars: "{{kaas_project_path}}/vars/globals.yml" - when: "'{{kaas_project_path}}/vars/globals.yml' | is_file" + when: path | is_file + vars: + path: "{{ kaas_project_path }}/vars/globals.yml" - name: Load variables include_vars: dir="{{kaas_project_path}}/vars" name="var_{{kaas_project}}_config" - when: "'{{kaas_project_path}}/vars' | is_dir" + when: path | is_dir + vars: + path: "{{ kaas_project_path }}/vars" - set_fact: "var_{{kaas_project}}_config={{var_empty}}" vars: @@ -24,4 +28,5 @@ - include_tasks: do_project.yml vars: var_name: "var_{{kaas_project}}_config" - kaas_project_config: "{{hostvars[inventory_hostname][var_name]}}" + kaas_project_config: "{{ hostvars[inventory_hostname][var_name] }}" + kaas_project_volumes: "{{ kaas_project_config.volumes | default(kaas_project_config.extra_volumes | default({}) | combine(kaas_openshift_volumes)) }}"
\ No newline at end of file diff --git a/roles/ands_kaas/tasks/search.yml b/roles/ands_kaas/tasks/search.yml index 9844ee8..1cefb7d 100644 --- a/roles/ands_kaas/tasks/search.yml +++ b/roles/ands_kaas/tasks/search.yml @@ -12,5 +12,5 @@ local_path: "{{ osv_path }}" remote_path: "{{ hostvars[inventory_hostname][pvar] }}" when: - - osv in (kaas_project_config.volumes | default(kaas_openshift_volumes)) + - osv in kaas_project_volumes - hostvars[inventory_hostname][pvar] is defined diff --git a/roles/ands_kaas/tasks/sync.yml b/roles/ands_kaas/tasks/sync.yml index 07764ca..a4febe7 100644 --- a/roles/ands_kaas/tasks/sync.yml +++ b/roles/ands_kaas/tasks/sync.yml @@ -4,5 +4,23 @@ register: result - name: "Sync '{{ item_name }}'" - local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes - when: (result.stat.exists == False) or (kaas_resync | default(false)) + local_action: synchronize src="{{ item_src }}" dest="{{ remote_path }}/" archive=yes delete=yes + register: sync + when: (result.stat.exists == False) or (kaas_resync | default(false)) or (kaas_project_config.resync | default(false)) + +- name: "Ensure the data is writeable by project pods" + vars: + grp: "{{ kaas_project_config.sync_set_gid }}" + gid: "{{ ((kaas_project_config.gids | default(kaas_openshift_gids))[grp] is defined) | ternary((kaas_project_config.gids | default(kaas_openshift_gids))[grp].id, grp) }}" + file: + path: "{{ remote_path }}" + state: "directory" + recurse: "yes" + mode: "g+w" + owner: "{{ kaas_project_config.sync_set_uid | default('root') }}" + group: "{{ gid }}" + register: chmod + when: + - sync | changed + - kaas_openshift_gid_ranges[kaas_project] is defined + - kaas_project_config.sync_set_gid | default(false) diff --git a/roles/ands_kaas/tasks/template.yml b/roles/ands_kaas/tasks/template.yml index 6a81dd7..6c90b3d 100644 --- a/roles/ands_kaas/tasks/template.yml +++ b/roles/ands_kaas/tasks/template.yml 
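Review bot: Adding `delete=yes` to the `synchronize` call in sync.yml means every resync removes whatever exists under `{{ remote_path }}/` but is missing from `item_src`, including files that pods have written there since the first sync. The new per-project `kaas_project_config.resync` switch makes that path easier to trigger. I would make deletion an explicit opt-in, e.g. `delete="{{ kaas_project_config.sync_delete | default(false) }}"` (proposed variable name), and put a comment above the task stating that a resync is destructive for the destination. The follow-up `file` task with `recurse: "yes"` and `mode: "g+w"` also makes every synced file group-writable, which is worth confirming for content meant to stay read-only.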
@@ -1,4 +1,4 @@ -- name: Populate template +- name: "Populate template {{ tmpl_name }}" template: src="{{ item }}" dest="{{ kaas_template_path }}/{{ item | basename | regex_replace('\.j2','') }}" owner=root group=root mode="0644" register: result with_first_found: @@ -8,7 +8,7 @@ files: - "{{ tmpl_name }}" -- name: Configure KaaS resources +- name: "Configure KaaS resources defined in {{ tmpl_name }}" include_role: name="openshift_resource" vars: template: "{{ tmpl_name | basename | regex_replace('\\.j2','') }}" diff --git a/roles/ands_kaas/tasks/templates.yml b/roles/ands_kaas/tasks/templates.yml index e1612bc..2de4fad 100644 --- a/roles/ands_kaas/tasks/templates.yml +++ b/roles/ands_kaas/tasks/templates.yml @@ -4,10 +4,12 @@ command: "echo {{ item | quote }}" register: results changed_when: false + when: (kaas_project_config.pods | default([]) | length > 0) or not (item | regex_search('kaas-pods')) with_fileglob: - "{{ role_path }}/templates/{{ kaas_template_glob | default('*') }}.j2" - "{{ kaas_project_path }}/templates/{{ kaas_template_glob | default('*') }}.j2" + #- debug: msg="{{ results }}" - name: "Sort and execute KaaS templates" diff --git a/roles/ands_kaas/tasks/volume.yml b/roles/ands_kaas/tasks/volume.yml index b82e55f..ff51fb0 100644 --- a/roles/ands_kaas/tasks/volume.yml +++ b/roles/ands_kaas/tasks/volume.yml 
@@ -6,6 +6,40 @@ file: path: "{{ path }}" state: "directory" + recurse: "no" + register: mkdir + +- name: "Ensure the {{ path }} is writeable by project pods" + vars: + default_group: "{{ kaas_openshift_gid_ranges[kaas_project] | default('') | regex_replace('^([0-9]+)[^0-9]*.*$', '\\1') }}" + file: + path: "{{ path }}" + state: "directory" + recurse: "no" + mode: "{{ volume.mode | default(0775) }}" + owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}" + group: "{{ volume.group | default(kaas_project_config.file_group) | default(default_group) }}" + register: chmod + when: + - mkdir | changed + - kaas_openshift_gid_ranges[kaas_project] is defined + - osvpath[:1] != "/" + +# There is no other way to write for users. There will be just two osv's one writeable and one not. +# We may create a dir with the wrong one and have permissions not set +# - volume.write | default(false) + +- name: "Setting default permissions for non standard locations" + file: + path: "{{ path }}" + state: "directory" + recurse: "no" mode: "{{ volume.mode | default(0755) }}" owner: "{{ volume.owner | default(kaas_project_config.file_owner) | default(kaas_default_file_owner) }}" group: "{{ volume.group | default(kaas_project_config.file_group) | default(kaas_default_file_group) }}" + when: + - mkdir | changed + - chmod | skipped + + + diff --git a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 index c90c610..c9341ed 100644 --- a/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 +++ b/roles/ands_kaas/templates/00-gfs-volumes.yml.j2 
@@ -6,8 +6,10 @@ metadata: annotations: descriptions: "KATRIN Volumes" objects: -{% for name, vol in (kaas_project_config.volumes | default(kaas_openshift_volumes)).iteritems() %} +{% for name, vol in kaas_project_volumes.iteritems() %} {% set oc_name = vol.name | default(name) | regex_replace('_','-') %} +{% set cfgpath = vol.path | default("") %} +{% set path = cfgpath if cfgpath[:1] == "/" else "/" + kaas_project + "/" + cfgpath %} - apiVersion: v1 kind: PersistentVolume metadata: @@ -16,7 +18,7 @@ objects: persistentVolumeReclaimPolicy: Retain glusterfs: endpoints: {{ kaas_glusterfs_endpoints }} - path: "{{ vol.volume }}{{vol.path}}" + path: "{{ vol.volume }}{{path}}" readOnly: {{ not (vol.write | default(false)) }} accessModes: - {{ vol.access | default(vol.write | default(false) | ternary('ReadWriteMany', 'ReadOnlyMany')) }} diff --git a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 index 9782f75..2ed7462 100644 --- a/roles/ands_kaas/templates/50-kaas-pods.yml.j2 +++ b/roles/ands_kaas/templates/50-kaas-pods.yml.j2 @@ -7,7 +7,7 @@ metadata: annotations: descriptions: {{ kaas_project_config.description | default(kaas_project ~ "auto-generated pod template") }} objects: -{% for name, pod in (kaas_project_config.pods | default(kaas_openshift_volumes)).iteritems() %} +{% for name, pod in (kaas_project_config.pods | default({})).iteritems() %} {% set pubkey = "kaas_" ~ name ~ "_pubkey" %} {% set privkey = "kaas_" ~ name ~ "_privkey" %} {% set cakey = "kaas_" ~ name ~ "_ca" %} @@ -68,10 +68,10 @@ objects: metadata: name: {{ pod.name | default(name) }} spec: - replicas: {{ pod.sched.replicas | default(1) }} + replicas: {{ ( pod.sched | default({})).replicas | default(1) }} revisionHistoryLimit: 2 strategy: - type: {{ pod.sched.strategy | default('Rolling') }} + type: {{ (pod.sched | default({})).strategy | default('Rolling') }} triggers: - type: ConfigChange selector: 
@@ -105,18 +105,18 @@ objects: securityContext: {% if (pod.run_as is defined) %} {% if (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as] is defined %} - - {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} + runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[pod.run_as].id }} {% else %} - - {{ pod.run_as }} + runAsUser: {{ pod.run_as }} {% endif %} {% endif %} {% if (pod.groups is defined) %} supplementalGroups: {% for group in pod.groups %} {% if (kaas_project_config.gids | default(kaas_openshift_gids))[group] is defined %} - - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} + - {{ (kaas_project_config.gids | default(kaas_openshift_gids))[group].id }} {% else %} - - {{ group }} + - {{ group }} {% endif %} {% endfor %} {% endif %} diff --git a/roles/ands_openshift/tasks/security_resources.yml b/roles/ands_openshift/tasks/security_resources.yml index 5644723..5b80f1e 100644 --- a/roles/ands_openshift/tasks/security_resources.yml +++ b/roles/ands_openshift/tasks/security_resources.yml 
@@ -6,49 +6,41 @@ - name: Patch group range in project configuration include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" - resource: "ns/{{ prj_item }}" - patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ands_openshift_gid_ranges[prj_item]}}"}}}' + project: "{{ item.key }}" + resource: "ns/{{ item.key }}" + patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.supplemental-groups":"{{ item.value }}"}}}' patch_path: "{{ ands_openshift_patch_path }}" - with_items: "{{ (ands_openshift_gid_ranges | default({})).keys() }}" - loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_gid_ranges | default({}) }}" - name: Patch uid range in project configuration include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" - resource: "ns/{{ prj_item }}" - patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ands_openshift_uid_ranges[prj_item]}}"}}}' + project: "{{ item.key }}" + resource: "ns/{{ item.key }}" + patch: '{"metadata":{"annotations":{"openshift.io/sa.scc.uid-range":"{{ item.value }}"}}}' patch_path: "{{ ands_openshift_patch_path }}" - with_items: "{{ (ands_openshift_uid_ranges | default({})).keys() }}" - loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_uid_ranges | default({}) }}" - name: Restrict supplementalGroups include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" + project: "{{ item.key }}" resource: "scc/restricted" modes: "{{ ands_openshift_gid_mode | default({}) }}" - mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}" + mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}" patch: '{"supplementalGroups":{"type":"{{mode}}"}}' patch_path: "{{ ands_openshift_patch_path }}" when: mode != false - with_items: "{{ (ands_openshift_projects | default({})).keys() }}" - 
loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_projects | default({}) }}" - name: Configure runAsUser include_role: name="openshift_resource" tasks_from="patch.yml" vars: - project: "{{ prj_item }}" + project: "{{ item.key }}" resource: "scc/restricted" modes: "{{ ands_openshift_uid_mode | default({}) }}" - mode: "{{ (modes[prj_item] is defined) | ternary(modes[prj_item], modes['ands_default'] | default(false)) }}" + mode: "{{ modes[item.key] | default(modes['ands_default'] | default(false)) }}" patch: '{"runAsUser":{"type":"{{mode}}"}}' patch_path: "{{ ands_openshift_patch_path }}" when: mode != false - with_items: "{{ (ands_openshift_projects | default({})).keys() }}" - loop_control: - loop_var: prj_item + with_dict: "{{ ands_openshift_projects | default({}) }}" diff --git a/roles/ands_openshift/tasks/storage_resources.yml b/roles/ands_openshift/tasks/storage_resources.yml index 5adf69e..c83c677 100644 --- a/roles/ands_openshift/tasks/storage_resources.yml +++ b/roles/ands_openshift/tasks/storage_resources.yml @@ -13,7 +13,7 @@ template_path: "{{ storage_template_path }}" project: "{{ prj_item }}" recreate: "{{ result | changed | ternary (true, false) }}" - with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}" + with_items: "{{ ands_openshift_projects.keys() }}" loop_control: loop_var: prj_item @@ -28,6 +28,9 @@ template_path: "{{ storage_template_path }}" project: "{{ prj_item }}" recreate: "{{ result | changed | ternary (true, false) }}" - with_items: "{{ ands_openshift_projects.keys() | union(['default']) }}" + with_items: "{{ ands_openshift_projects.keys() }}" loop_control: loop_var: prj_item + + +
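Review bot: The "Restrict supplementalGroups" and "Configure runAsUser" tasks in security_resources.yml still patch `scc/restricted` once per entry of `ands_openshift_projects`, but a SecurityContextConstraints object is cluster-scoped, so `project: "{{ item.key }}"` cannot limit the change to one namespace unless patch.yml (not shown) does something unusual. With a per-project override in `ands_openshift_gid_mode` (the `# sample: "RunAsAny"` line in setup/configs/security.yml suggests one is intended), the last project visited by `with_dict` decides the mode for every namespace using the restricted SCC, and dict iteration order is not guaranteed. I would patch `scc/restricted` once from `modes['ands_default']` and add a comment such as `# scc/restricted is cluster-wide: per-project modes need a separate SCC bound to that project's service accounts`.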
\ No newline at end of file diff --git a/roles/ands_openshift/tasks/users_resources.yml b/roles/ands_openshift/tasks/users_resources.yml index 5bc748c..722e1eb 100644 --- a/roles/ands_openshift/tasks/users_resources.yml +++ b/roles/ands_openshift/tasks/users_resources.yml @@ -19,6 +19,14 @@ command: "oc adm new-project --description '{{ ands_openshift_projects[item] }}' {{ item }}" with_items: "{{ new_projects | default([]) }}" +- name: Allow projects to pull images from KaaS imagestreams + command: "oc policy add-role-to-group system:image-puller system:serviceaccounts:{{ prj_item }} --namespace=kaas" + with_items: "{{ ands_openshift_projects.keys() }}" + when: + prj_item != "kaas" + loop_control: + loop_var: prj_item + - name: Configure per project roles command: "oc adm policy add-role-to-user -n {{ item.key.split('/')[0] }} {{ item.key.split('/')[1] }} {{ item.value.replace(' ','').split(',') | join(' ') }}" with_dict: "{{ ands_openshift_roles }}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 7f6922b..9bd820a 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -4,6 +4,10 @@ - epel-release - centos-release-openshift-origin +- name: Add our repository with updates and overrides + yum_repository: name="{{ item.name }}" description= "{{ item.description | default('Ands repository') }}" baseurl="{{ item.url }}" enabled="yes" gpgcheck="no" cost="{{ item.cost | default(1) }}" + with_items: "{{ ands_repositories | default([]) }}" + - name: Ensure GlusterFS repositories are present yum: name="centos-release-gluster{{ glusterfs_version }}" state=present @@ -25,6 +29,11 @@ - python-rhsm-certificates - glusterfs-fuse +#- name: Add NodeJS required by a few used Ansible extensions +# package: name={{item}} state=present +# with_items: +# - nodejs + - name: Ensure all extra packages are installed package: name={{item}} state=present with_items: "{{ extra_packages | default([]) }}" 
diff --git a/roles/docker/defaults/main.yml b/roles/docker/defaults/main.yml index 6542789..f7b96f5 100644 --- a/roles/docker/defaults/main.yml +++ b/roles/docker/defaults/main.yml @@ -1,3 +1,6 @@ -docker_min_size: 100 docker_exclude_vgs: "{{ ands_data_vg is defined | ternary( [ ands_data_vg ], [] ) }}" docker_lv: "docker-pool" + +docker_min_size: 100 +docker_max_log_size: "2m" +docker_max_log_files: "3" diff --git a/roles/docker/handlers/main.yml b/roles/docker/handlers/main.yml new file mode 100644 index 0000000..43016e0 --- /dev/null +++ b/roles/docker/handlers/main.yml @@ -0,0 +1,3 @@ +--- +- name: restart docker + service: name=docker state=restarted diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml index e424e01..a7bd700 100644 --- a/roles/docker/tasks/main.yml +++ b/roles/docker/tasks/main.yml @@ -27,6 +27,15 @@ lvol: vg="{{ ansible_lvm['lvs'][docker_lv]['vg'] }}" lv="docker_lv" size="{{ docker_volume_size }}" when: docker_volume_size is defined -- name: stop docker +- name: Limit size of container log files + ghetto_json: + path: "/etc/docker/daemon.json" + log-driver: "json-file" + log-opts.max-size: "{{ docker_max_log_size }}" + log-opts.max-file: "{{ docker_max_log_files }}" + notify: + - restart docker + +- name: start docker service: name="docker" enabled=yes state=started
\ No newline at end of file diff --git a/roles/glusterfs/tasks/data b/roles/glusterfs/tasks/data deleted file mode 120000 index 31bb52e..0000000 --- a/roles/glusterfs/tasks/data +++ /dev/null @@ -1 +0,0 @@ -cfg
\ No newline at end of file diff --git a/roles/glusterfs/tasks/data/vols2.yml b/roles/glusterfs/tasks/data/vols2.yml new file mode 100644 index 0000000..d094797 --- /dev/null +++ b/roles/glusterfs/tasks/data/vols2.yml @@ -0,0 +1,13 @@ +--- +- name: "Create {{ name }} volume" + gluster_volume: + state: present + name: "{{ name }}" + cluster: "{{ domain_servers | join(',') }}" + replicas: "{{ domain_servers | length }}" + bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}" + transport: "{{ glusterfs_transport }}" + + +- name: "Start {{ name }} volume" + gluster_volume: state="started" name="{{ name }}" diff --git a/roles/glusterfs/tasks/data/vols3.yml b/roles/glusterfs/tasks/data/vols3.yml new file mode 100644 index 0000000..866480c --- /dev/null +++ b/roles/glusterfs/tasks/data/vols3.yml @@ -0,0 +1,14 @@ +--- +- name: "Create {{ name }} volume" + gluster_volume: + state: present + name: "{{ name }}" + cluster: "{{ domain_servers | join(',') }}" + replicas: 3 + arbiters: 1 + bricks: "{{ glusterfs_bricks_path }}/brick-{{ name }}" + transport: "{{ glusterfs_transport }}" + + +- name: "Start {{ name }} volume" + gluster_volume: state="started" name="{{ name }}" diff --git a/roles/glusterfs/tasks/tmp/vols2.yml b/roles/glusterfs/tasks/la/vols2.yml index b6a3e8f..b6a3e8f 120000 --- a/roles/glusterfs/tasks/tmp/vols2.yml +++ b/roles/glusterfs/tasks/la/vols2.yml diff --git a/roles/glusterfs/tasks/tmp/vols3.yml b/roles/glusterfs/tasks/la/vols3.yml index 9565bb3..9565bb3 100644 --- a/roles/glusterfs/tasks/tmp/vols3.yml +++ b/roles/glusterfs/tasks/la/vols3.yml diff --git a/roles/glusterfs/tasks/tmp b/roles/glusterfs/tasks/tmp new file mode 120000 index 0000000..6320cd2 --- /dev/null +++ b/roles/glusterfs/tasks/tmp @@ -0,0 +1 @@ +data
\ No newline at end of file diff --git a/roles/openshift_resource/tasks/main.yml b/roles/openshift_resource/tasks/main.yml index af071f9..8606aa3 100644 --- a/roles/openshift_resource/tasks/main.yml +++ b/roles/openshift_resource/tasks/main.yml @@ -5,18 +5,27 @@ changed_when: false register: results - - name: Parse JSON templates + - name: "Parse JSON templates {{ template }}" set_fact: tmpl="{{ results.stdout | from_json }}" when: template.find(".json") != -1 - - name: Parse YaML templates + - name: "Parse YaML templates {{ template }}" set_fact: tmpl="{{ results.stdout | from_yaml }}" when: template.find(".json") == -1 - - include_tasks: template.yml - when: (tmpl.kind == "Template") and (tmpl.parameters is not defined) - - - include_tasks: resource.yml - when: (tmpl.parameters is defined) or (tmpl.kind != "Template") + - name: "Populating resources defined in {{ template }} template" + include_tasks: template.yml + register: results + vars: + metadata: "{{ tmpl.metadata | default({}) }}" + annotations: "{{ metadata.annotations | default({}) }}" + strategy: "{{ annotations['kaas/strategy'] | default('auto') }}" + when: + - tmpl.kind == "Template" + - strategy == "auto" + + - name: "Creating template/resources defined in {{ template }}" + include_tasks: resource.yml + when: results | skipped run_once: true diff --git a/roles/openshift_resource/tasks/resource.yml b/roles/openshift_resource/tasks/resource.yml index 769a89c..4e6e7ac 100644 --- a/roles/openshift_resource/tasks/resource.yml +++ b/roles/openshift_resource/tasks/resource.yml 
@@ -3,20 +3,20 @@ - name: Find out which resources we are going to configure set_fact: rkind="{{ tmpl.kind }}" rname="{{ tmpl.metadata.name }}" - - name: Lookup the specified resource + - name: "Lookup the specified resource {{rkind}}/{{rname}}" command: "oc get -n {{project}} {{rkind}}/{{rname}}" register: find_result changed_when: false failed_when: false - - name: Detroy existing resources + - name: "Detroy existing resources {{rkind}}/{{rname}}" command: "oc delete -n {{project}} {{rkind}}/{{rname}}" register: rm_result failed_when: false changed_when: (rm_result | succeeded) when: (recreate|default(false)) - - name: Create resources defined in template + - name: "Create resources defined in {{ template }}" command: "oc create -n {{project}} -f '{{ template_path }}/{{ template }}' {{ create_args | default('') }}" when: (recreate|default(false)) or (find_result.rc != 0) run_once: true diff --git a/roles/openshift_resource/tasks/template.yml b/roles/openshift_resource/tasks/template.yml index c93dec5..6c9340b 100644 --- a/roles/openshift_resource/tasks/template.yml +++ b/roles/openshift_resource/tasks/template.yml @@ -5,7 +5,7 @@ vars: query: "objects[*].{kind: kind, name: metadata.name}" - - name: Lookup the specified resource + - name: "{{ template }}: Lookup the specified resource" command: "oc get -n {{project}} {{item.kind}}/{{item.name}}" register: results failed_when: false 
@@ -13,13 +13,13 @@ with_items: "{{ resources | default([]) }}" # when: not (recreate|default(false)) - - name: Detroy existing resources + - name: "{{ template }}: Detroy existing resources" command: "oc delete -n {{project}} {{resources[item|int].kind}}/{{resources[item|int].name}}" failed_when: false with_sequence: start=0 count="{{resources | default([]) | length}}" when: ((recreate|default(false)) or (results | changed)) and (results.results[item|int].rc == 0) - - name: Create resources defined in template + - name: "{{ template }}: Create resources defined" shell: "oc process -f '{{ template_path }}/{{template}}' {{ template_args | default('') }} | oc create -n {{project}} -f - {{ create_args | default('') }}" when: (recreate|default(false)) or (results | changed) run_once: true @@ -35,6 +35,12 @@ case "${1}" in projects) apply playbooks/openshift-setup-projects.yml || exit 1 ;; + project) + project=$2 + shift + [ -z "$project" ] && { echo 'project name should be specified...' ; exit 1; } + apply playbooks/openshift-setup-project.yml --extra-vars "ands_configure_project=$project" || exit 1 + ;; openshift-nodes) apply playbooks/openshift-add-nodes.yml || exit 1 ;; diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml index 17351ac..e6e4c75 100644 --- a/setup/configs/openshift.yml +++ b/setup/configs/openshift.yml 
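Review bot: In the new `project)` case the name taken from `$2` is only checked for being non-empty before it is spliced into `--extra-vars "ands_configure_project=$project"`. In key=value form a value containing a space followed by `name=value` sets further Ansible variables, and roles/ands_kaas/tasks/main.yml then loops over `[kaas_single_project]` without checking that the name is a key of `ands_openshift_projects`. I would validate the argument first, for example `case "$project" in *[!a-z0-9-]*) echo 'invalid project name'; exit 1;; esac`, and add a guard in the playbook that the project is declared. The file header for this hunk is not visible on the page and the `case` statement continues outside it.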
@@ -1,15 +1,26 @@ --- ands_openshift_projects: - adei: ADEI - -# katrin: KArlsruhe TRItium Neutrino -# test: Tesing + kaas: KaaS router and common resources + katrin: KArlsruhe TRItium Neutrino + adei: ADEI + bora: Build Once Run Always + web: Web Sites + mon: OpenShift monitoring + test: Namespace for testing and prototyping ands_openshift_users: pdv: IPE Administation Account katrin: KATRIN Project csa: Suren A. Chilingaryan <csa@suren.me> + kopmann: Andreas Kopmann <kopmann@kit.edu> + ntj: Nicholas Tan Jerome <nicholas.jerome@kit.edu> ands_openshift_roles: - cluster-admin: csa, pdv + cluster-admin: csa + kaas/admin: csa, kopmann katrin/admin: katrin + adei/admin: csa + bora/admin: ntj + web/admin: kopmann + mon/admin: csa + test/admin: csa, ntj, kopmann, katrin diff --git a/setup/configs/security.yml b/setup/configs/security.yml index 413f57e..b870c55 100644 --- a/setup/configs/security.yml +++ b/setup/configs/security.yml @@ -1,6 +1,6 @@ ands_openshift_gid_mode: -# adei: "RunAsAny" ands_default: "MustRunAs" +# sample: "RunAsAny" #ands_openshift_uid_mode: # ands_default: "MustRunAsRange" @@ -8,8 +8,13 @@ ands_openshift_gid_mode: #ands_openshift_uid_ranges: ands_openshift_gid_ranges: + kaas: "4000/10" katrin: "5000/10" - adei: "5010/10" + test: "7100/10" + adei: "6000/10" + bora: "6100/10" + web: "6200/10" + mon: "7000/10" ands_openshift_uids: kaas: { id: 6000 } diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml index d93f177..f400eed 100644 --- a/setup/configs/volumes.yml +++ b/setup/configs/volumes.yml @@ -4,6 +4,7 @@ ands_paths: openshift: /mnt/openshift temporary: /mnt/temporary databases: /mnt/databases + datastore: /mnt/datastore katrin_data: /mnt/katrin ands_heketi_domain: 
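Review bot: Changing `cluster-admin: csa, pdv` to `cluster-admin: csa` only edits the desired state; whether the role playbook removes a binding granted by an earlier run is not visible in this diff. On a cluster provisioned from the previous revision, `pdv` may therefore still hold cluster-admin after this change is applied. Confirm that the role task reconciles removals, or revoke explicitly with `oc adm policy remove-cluster-role-from-user cluster-admin pdv`. A comment next to the user entry, such as `# pdv: account kept, no roles assigned`, would make the missing role read as intentional.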
@@ -15,10 +16,11 @@ ands_storage_domains: - servers: "ands_storage_servers" clients: "masters" volumes: - provision: { type: "cfg", mount: "{{ ands_paths.provision }}" } - openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } - databases: { type: "db", mount: "{{ ands_paths.databases }}" } - temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } + provision: { type: "cfg", mount: "{{ ands_paths.provision }}" } + openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } + databases: { type: "db", mount: "{{ ands_paths.databases }}" } + temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } + datastore: { type: "data", mount: "{{ ands_paths.datastore }}" } katrin_data: { type: "data", mount: "{{ ands_paths.katrin_data }}" } # - servers: "storage_nodes" # clients: "nodes" @@ -30,13 +32,14 @@ ands_storage_domains: # Per project list (to distribute in multiple namespaces later) +# If not started with '/' will be prepended with project name ands_openshift_volumes: - etc: { volume: "openshift", path: "/etc" } - src: { volume: "openshift", path: "/src" } - www: { volume: "openshift", path: "/www" } - log: { volume: "temporary", path: "/log", write: true} - tmp: { volume: "temporary", path: "/tmp", write: true} + etc: { volume: "openshift", path: "" } + etcw: { volume: "openshift", path: "", write: true } + data: { volume: "datastore", path: "", write: true } + db: { volume: "databases", path: "", write: true } + tmp: { volume: "temporary", path: "", write: true } # Global list, we only take things from the volume of project -ands_openshift_files: - - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" } +#ands_openshift_files: +# - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" } diff --git a/setup/projects/adei/templates/60-adei.yml.j2 b/setup/projects/adei/templates/60-adei.yml.j2 index 1bff206..537368f 100644 --- a/setup/projects/adei/templates/60-adei.yml.j2 
+++ b/setup/projects/adei/templates/60-adei.yml.j2 @@ -8,6 +8,7 @@ metadata: openshift.io/provider-display-name: "KIT" openshift.io/documentation-url: "http://adei.info" openshift.io/support-url: "http://adei.info" + kaas/strategy: "manual" labels: app: "adei" objects: diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml index 69d291c..cdeb4e7 100644 --- a/setup/projects/adei/vars/volumes.yml +++ b/setup/projects/adei/vars/volumes.yml 
@@ -1,20 +1,22 @@ -volumes: - adei_init: { volume: "openshift", path: "/adei/init" } # mysql - adei_etc: { volume: "openshift", path: "/adei/etc" } # mysql - adei_src: { volume: "openshift", path: "/adei/src", write: true } # prod & debug (init creates setup links) - adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true } # per-setup configs (ADEI/wiki modifies setup) - adei_sys: { volume: "openshift", path: "/adei/sys" } # per-setup cron-jon overrides - adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files - adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files - adei_db: { volume: "databases", path: "/adei", write: true} - gids: - adei: { id: 5010 } - adei_db: { id: 5011 } + adei: { id: 6000 } + adei_db: { id: 6001 } + +volumes: + adei_init: { volume: "openshift", path: "/adei/init"} # mysql + adei_etc: { volume: "openshift", path: "/adei/etc"} # mysql (maybe) + adei_src: { volume: "openshift", path: "/adei/src", write: true } # prod & debug (init creates setup links) + adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true } # per-setup configs (ADEI/wiki modifies setup) + adei_sys: { volume: "openshift", path: "/adei/sys" } # per-setup cron-jon overrides + adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files + adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files + adei_db: { volume: "databases", path: "/adei", write: true } # mysql files: - - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" } - - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", 
mode: "0775" } + - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_cfg", path: "/prod", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_cfg", path: "/dbg", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" } + - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" } diff --git a/setup/projects/katrin/files/www/kaas/index.html b/setup/projects/kaas/files/data/www/index.html index 906ee19..906ee19 100644 --- a/setup/projects/katrin/files/www/kaas/index.html +++ b/setup/projects/kaas/files/data/www/index.html diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-autoindex.conf index c581e97..c581e97 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-autoindex.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-dav.conf index 29dfb72..29dfb72 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-dav.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-default.conf index efeca05..efeca05 100644 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf +++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-default.conf 
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-info.conf
index db316c0..db316c0 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-info.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-languages.conf
index 7f66461..7f66461 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-languages.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-manual.conf
index fc12fb9..fc12fb9 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-manual.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-mpm.conf
index 8c44c60..8c44c60 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-mpm.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-multilang-errordoc.conf
index 8ff9a45..8ff9a45 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-multilang-errordoc.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-ssl.conf
index f8c023e..f8c023e 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-ssl.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-userdir.conf
index 567bd6d..567bd6d 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-userdir.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-vhosts.conf
index 01a73f3..01a73f3 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-vhosts.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/httpd.conf b/setup/projects/kaas/files/etc/apache2/httpd.conf
index 4b05e71..4b05e71 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/httpd.conf
+++ b/setup/projects/kaas/files/etc/apache2/httpd.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/kaas/router.conf b/setup/projects/kaas/files/etc/apache2/kaas/router.conf
index 4afa6dd..4afa6dd 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/kaas/router.conf
+++ b/setup/projects/kaas/files/etc/apache2/kaas/router.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/magic b/setup/projects/kaas/files/etc/apache2/magic
index 0de7336..0de7336 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/magic
+++ b/setup/projects/kaas/files/etc/apache2/magic
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/mime.types b/setup/projects/kaas/files/etc/apache2/mime.types
index 5175242..5175242 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/mime.types
+++ b/setup/projects/kaas/files/etc/apache2/mime.types
diff --git a/setup/projects/katrin/keys/kaas.crt b/setup/projects/kaas/keys/kaas.crt
index 82ef723..82ef723 100644
--- a/setup/projects/katrin/keys/kaas.crt +++ b/setup/projects/kaas/keys/kaas.crt diff --git a/setup/projects/katrin/keys/kaas.key b/setup/projects/kaas/keys/kaas.key index 3d766c8..3d766c8 100644 --- a/setup/projects/katrin/keys/kaas.key +++ b/setup/projects/kaas/keys/kaas.key diff --git a/setup/projects/kaas/templates/10-kaas-builder.yml.j2 b/setup/projects/kaas/templates/10-kaas-builder.yml.j2 new file mode 100644 index 0000000..52066a5 --- /dev/null +++ b/setup/projects/kaas/templates/10-kaas-builder.yml.j2 @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: Template +metadata: + name: kaas-manager-build + labels: + app: kaas-manager + annotations: + descriptions: "KaaS Data Manager Build" +objects: + - kind: ImageStream + apiVersion: v1 + metadata: + name: kaas-manager + - kind: "BuildConfig" + apiVersion: "v1" + metadata: + name: "kaas-manager" + spec: +# runPolicy: "Serial" + successfulBuildsHistoryLimit: "{{ kaas_pod_history_limit }}" + failedBuildsHistoryLimit: "{{ kaas_pod_history_limit }}" + triggers: + - type: "ConfigChange" + source: + type: "Git" + git: + uri: "http://adei.info/git/csa/devops/docker/ands-management.git" + strategy: + dockerStrategy: + dockerfilePath: Dockerfile + output: + to: + kind: "ImageStreamTag" + name: "kaas-manager:latest" + imageLabels: + - name: "vendor" + value: "KIT" + - name: "author" + value: "Suren A. Chilingaryan" + - name: "authoritative-source-url" + value: "adei.info" + diff --git a/setup/projects/kaas/templates/40-kaas-manager.yml.j2 b/setup/projects/kaas/templates/40-kaas-manager.yml.j2 new file mode 100644 index 0000000..e181737 --- /dev/null +++ b/setup/projects/kaas/templates/40-kaas-manager.yml.j2 
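Review bot: The BuildConfig in 10-kaas-builder.yml.j2 fetches its source from `uri: "http://adei.info/git/csa/devops/docker/ands-management.git"` over plain HTTP and without a `ref`, so the build takes whatever the default branch serves at build time and the transfer has no integrity protection. The result is pushed to `kaas-manager:latest`, which 40-kaas-manager.yml.j2 in this same commit rolls out automatically through its ImageChange trigger. Use an `https://` URI if the server offers one and pin the revision under `git:`, e.g. `ref: "<TAG_OR_COMMIT>"`. Separately, the annotation key `descriptions:` is probably meant to be `description:`, here and in the kaas-manager template.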
@@ -0,0 +1,91 @@ +#jinja2: trim_blocks: "true", lstrip_blocks: "false" +--- +{% set gid_range = kaas_openshift_gid_ranges[kaas_project].split("/") %} +apiVersion: v1 +kind: Template +metadata: + name: kaas-manager + annotations: + descriptions: KaaS Data Management Service +objects: + - apiVersion: v1 + kind: DeploymentConfig + metadata: + name: kaas-manager + spec: + replicas: 1 + revisionHistoryLimit: {{ kaas_pod_history_limit }} + strategy: + type: Rolling + triggers: + - type: ConfigChange + selector: + name: kaas-manager + triggers: + - type: ConfigChange + - type: ImageChange + imageChangeParams: + automatic: true + from: + kind: "ImageStreamTag" + name: "kaas-manager:latest" + namespace: "kaas" + containerNames: + - kaas-manager + template: + metadata: + name: kaas-manager + labels: + name: kaas-manager + spec: + securityContext: + supplementalGroups: +{% for ofs in range(gid_range[1] | default(1) | int) %} + - {{ (gid_range[0] | int) + ofs }} +{% endfor %} +{% if (kaas_project_config.run_pods_as is defined) %} +{% if ((kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as] is defined) %} + runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as].id }} +{% else %} + runAsUser: {{ kaas_project_config.run_pods_as }} +{% endif %} +{% endif %} + volumes: +{% for name, vol in kaas_project_volumes.iteritems() %} +{% set oc_name = name | regex_replace('_','-') %} +{% if (vol.write | default(false)) %} + - name: vol-{{ name }} + persistentVolumeClaim: + claimName: {{ oc_name }} +{% endif %} +{% endfor %} +{% if ('data' not in kaas_project_volumes) %} + - name: home + emptyDir: {} +{% endif %} + containers: + - name: kaas-manager + image: kaas-manager + command: [ "/docker-entrypoint.sh", "/bin/sx" ] + volumeMounts: +{% for name, vol in kaas_project_volumes.iteritems() %} +{% if (vol.write | default(false)) %} + - name: vol-{{ name }} + mountPath: /mnt/{{ name }} +{% endif %} +{% 
endfor %} +{% if ('data' not in kaas_project_volumes) %} + - name: home + mountPath: /home +{% endif %} + env: + - name: HOME +{% if ('data' in kaas_project_volumes) %} + value: /mnt/data/home +{% else %} + value: /tmp +{% endif %} +# lifecycle: +# postStart: +# exec: +# command: [ "/bin/bash", "[ -d $HOME ] || mkdir -p $HOME" ] diff --git a/setup/projects/katrin/vars/globals.yml b/setup/projects/kaas/vars/globals.yml index 50776ff..69b0bfe 100644 --- a/setup/projects/katrin/vars/globals.yml +++ b/setup/projects/kaas/vars/globals.yml @@ -1,2 +1 @@ -#katrin_node: katrin.kit.edu katrin_node: "katrin.{{ openshift_master_default_subdomain }}" diff --git a/setup/projects/kaas/vars/pods.yml b/setup/projects/kaas/vars/pods.yml new file mode 100644 index 0000000..41831ab --- /dev/null +++ b/setup/projects/kaas/vars/pods.yml @@ -0,0 +1,15 @@ +pods: + kaas-router: + service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] } + sched: { replicas: 1, selector: { master: 1 } } + selector: { master: 1 } + images: + - image: "httpd:2.2" + mappings: + - { name: "etc", path: "apache2", mount: "/usr/local/apache2/conf" } + - { name: "data", path: "www", mount: "/usr/local/apache2/htdocs" } + - { name: "tmp", path: "apache2", mount: "/usr/local/apache2/logs" } + probes: + - { port: 8080, path: '/index.html' } + +
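Review bot: In 40-kaas-manager.yml.j2, when `data` is not in `kaas_project_volumes` the template mounts the `home` emptyDir at `/home` but sets `HOME` to `/tmp`, so the volume created for the home directory is never used and everything the tools write under `$HOME` lands in `/tmp`. Setting `value: /home` in the `else` branch makes the two consistent. The DeploymentConfig also carries `triggers:` twice, once right after `strategy` and once after `selector`; indentation is lost in this view, but if both sit directly under `spec` one is a duplicate key and should be removed. `iteritems()` renders only under Python 2, whereas `items()` works on both.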
\ No newline at end of file diff --git a/setup/projects/kaas/vars/volumes.yml b/setup/projects/kaas/vars/volumes.yml new file mode 100644 index 0000000..3554aa6 --- /dev/null +++ b/setup/projects/kaas/vars/volumes.yml @@ -0,0 +1,10 @@ +gids: + kaas: { id: 4000 } + +files: + - { osv: "data", path: "/www", state: "directory", group: "kaas", mode: "0775" } + - { osv: "etc", path: "/apache2", state: "directory", group: "kaas", mode: "0775" } + - { osv: "tmp", path: "/apache2", state: "directory", group: "kaas", mode: "0775" } + +#resync: true +sync_set_gid: kaas diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf deleted file mode 100644 index a70324b..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf +++ /dev/null 
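Review bot: `image: "httpd:2.2"` in kaas/vars/pods.yml puts the kaas-router, which serves ports 80 and 443, on the Apache 2.2 branch that upstream has declared end-of-life, and it is a floating tag, so the pod runs whatever that tag resolves to with no further security fixes. Move to a maintained 2.4 image pinned to a specific version or digest, e.g. `image: "httpd:<PINNED_2.4_VERSION>"`. The configuration moved to files/etc/apache2 would need checking against 2.4 directive syntax. The file also ends without a trailing newline.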
@@ -1,217 +0,0 @@ -# -# When we also provide SSL we have to listen to the -# the HTTPS port in addition. -# -Listen 0.0.0.0:8443 https - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -SSLSessionCache shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000) -SSLSessionCacheTimeout 300 - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. 
-# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:8443> - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:8443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -ErrorLog |/usr/bin/cat -TransferLog |/usr/bin/cat -LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# SSL Protocol support: -# List the enable protocol levels with which clients will be able to -# connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 - -# Speed-optimized SSL Cipher configuration: -# If speed is your main concern (on busy HTTPS servers e.g.), -# you might want to force clients to specific, performance -# optimized ciphers. In this case, prepend those ciphers -# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. -# Caveat: by giving precedence to RC4-SHA and AES128-SHA -# (as in the example below), most connections will no longer -# have perfect forward secrecy - if the server's key is -# compromised, captures of past or future traffic must be -# considered compromised, too. -#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 -#SSLHonorCipherOrder on - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A new -# certificate can be generated using the genkey(1) command. -SSLCertificateFile /etc/pki/tls/certs/localhost.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. 
Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -SSLCertificateKeyFile /etc/pki/tls/private/localhost.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. 
-# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire -<Files ~ "\.(cgi|shtml|phtml|php3?)$"> - SSLOptions +StdEnvVars -</Files> -<Directory "/var/www/cgi-bin"> - SSLOptions +StdEnvVars -</Directory> - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. 
no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog |/usr/bin/cat \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf deleted file mode 100644 index b5d7a49..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf +++ /dev/null 
@@ -1,36 +0,0 @@ -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -<IfModule mod_userdir.c> - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html -</IfModule> - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -<Directory "/home/*/public_html"> - AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - Require method GET POST OPTIONS -</Directory> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README deleted file mode 100644 index f5e9661..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README +++ /dev/null @@ -1,9 +0,0 @@ - -This directory holds configuration files for the Apache HTTP Server; -any files in this directory which have the ".conf" extension will be -processed as httpd configuration files. The directory is used in -addition to the directory /etc/httpd/conf.modules.d/, which contains -configuration files necessary to load modules. - -Files are processed in alphabetical order. - 
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf deleted file mode 100644 index 55f658e..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf +++ /dev/null 
@@ -1,94 +0,0 @@ -# -# Directives controlling the display of server-generated directory listings. -# -# Required modules: mod_authz_core, mod_authz_host, -# mod_autoindex, mod_alias -# -# To see the listing of a directory, the Options directive for the -# directory must include "Indexes", and the directory must not contain -# a file matching those listed in the DirectoryIndex directive. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing HTMLTable VersionSort - -# We include the /icons/ alias for FancyIndexed directory listings. If -# you do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/opt/rh/httpd24/root/usr/share/httpd/icons/" - -<Directory "/opt/rh/httpd24/root/usr/share/httpd/icons"> - Options Indexes MultiViews FollowSymlinks - AllowOverride None - Require all granted -</Directory> - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif /core -AddIcon /icons/bomb.gif */core.* - -AddIcon /icons/back.gif .. 
-AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf deleted file mode 100644 index 325d196..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf +++ /dev/null @@ -1,6 +0,0 @@ -ProxyPass /adei http://katrin.kit.edu/adei -ProxyPassReverse /adei http://katrin.kit.edu/adei -ProxyPass /adei-katrin http://katrin.kit.edu/adei-katrin -ProxyPassReverse /adei-katrin http://katrin.kit.edu/adei-katrin -ProxyPass /katrin-ng http://katrin.kit.edu/katrin-ng -ProxyPassReverse /katrin-ng http://katrin.kit.edu/katrin-ng diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf deleted file mode 100644 index e69de29..0000000 
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf +++ /dev/null diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf deleted file mode 100644 index 34b4b72..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf +++ /dev/null @@ -1,18 +0,0 @@ -# -# This configuration file enables the default "Welcome" page if there -# is no default index page present for the root URL. To disable the -# Welcome page, comment out all the lines below. -# -# NOTE: if this file is removed, it will be restored on upgrades. -# -<LocationMatch "^/+$"> - Options -Indexes - ErrorDocument 403 /.noindex.html -</LocationMatch> - -<Directory /opt/rh/httpd24/root/usr/share/httpd/noindex> - AllowOverride None - Require all granted -</Directory> - -Alias /.noindex.html /opt/rh/httpd24/root/usr/share/httpd/noindex/index.html diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf deleted file mode 100644 index 2e3ce8c..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf +++ /dev/null 
@@ -1,67 +0,0 @@
-#
-# This file loads most of the modules included with the Apache HTTP
-# Server itself.
-#
-
-LoadModule access_compat_module modules/mod_access_compat.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule allowmethods_module modules/mod_allowmethods.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authn_dbd_module modules/mod_authn_dbd.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_socache_module modules/mod_authn_socache.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule authz_dbd_module modules/mod_authz_dbd.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule cache_module modules/mod_cache.so
-LoadModule cache_disk_module modules/mod_cache_disk.so
-LoadModule cache_socache_module modules/mod_cache_socache.so
-LoadModule data_module modules/mod_data.so
-LoadModule dbd_module modules/mod_dbd.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule dumpio_module modules/mod_dumpio.so
-LoadModule echo_module modules/mod_echo.so
-LoadModule env_module modules/mod_env.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule headers_module modules/mod_headers.so
-#LoadModule http2_module modules/mod_http2.so
-LoadModule include_module modules/mod_include.so
-LoadModule info_module modules/mod_info.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule macro_module modules/mod_macro.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule remoteip_module modules/mod_remoteip.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule request_module modules/mod_request.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-LoadModule socache_dbm_module modules/mod_socache_dbm.so
-LoadModule socache_memcache_module modules/mod_socache_memcache.so
-LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
-LoadModule status_module modules/mod_status.so
-LoadModule substitute_module modules/mod_substitute.so
-LoadModule suexec_module modules/mod_suexec.so
-LoadModule unique_id_module modules/mod_unique_id.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule version_module modules/mod_version.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf
deleted file mode 100644
index 7bfd1d4..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Select the MPM module which should be used by uncommenting exactly
-# one of the following LoadModule lines:
-
-# prefork MPM: Implements a non-threaded, pre-forking web server
-# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
-LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
-
-# worker MPM: Multi-Processing Module implementing a hybrid
-# multi-threaded multi-process web server
-# See: http://httpd.apache.org/docs/2.4/mod/worker.html
-#
-#LoadModule mpm_worker_module modules/mod_mpm_worker.so
-
-# event MPM: A variant of the worker MPM with the goal of consuming
-# threads only for connections with active processing
-# See: http://httpd.apache.org/docs/2.4/mod/event.html
-#
-#LoadModule mpm_event_module modules/mod_mpm_event.so
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf
deleted file mode 100644
index b8003f4..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file configures all the proxy modules:
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf
deleted file mode 100644
index e6af8de..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-LoadModule dav_module modules/mod_dav.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule dav_lock_module modules/mod_dav_lock.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf
deleted file mode 100644
index 9e0d0db..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule lua_module modules/mod_lua.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf
deleted file mode 100644
index 70bda5e..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# This file lists modules included with the Apache HTTP Server
-# which are not enabled by default.
-#
-
-#LoadModule asis_module modules/mod_asis.so
-#LoadModule buffer_module modules/mod_buffer.so
-#LoadModule file_cache_module modules/mod_file_cache.so
-#LoadModule watchdog_module modules/mod_watchdog.so
-#LoadModule heartbeat_module modules/mod_heartbeat.so
-#LoadModule heartmonitor_module modules/mod_heartmonitor.so
-#LoadModule usertrack_module modules/mod_usertrack.so
-#LoadModule dialup_module modules/mod_dialup.so
-#LoadModule charset_lite_module modules/mod_charset_lite.so
-#LoadModule log_debug_module modules/mod_log_debug.so
-#LoadModule log_forensic_module modules/mod_log_forensic.so
-#LoadModule ratelimit_module modules/mod_ratelimit.so
-#LoadModule reflector_module modules/mod_reflector.so
-#LoadModule sed_module modules/mod_sed.so
-#LoadModule speling_module modules/mod_speling.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf
deleted file mode 100644
index cc0bca0..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# This file configures all the proxy modules:
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
-LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
-LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
-LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule proxy_express_module modules/mod_proxy_express.so
-LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
-LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
-LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
-LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf
deleted file mode 100644
index 53235cd..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule ssl_module modules/mod_ssl.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf
deleted file mode 100644
index b208c97..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# This file configures systemd module:
-LoadModule systemd_module modules/mod_systemd.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf
deleted file mode 100644
index 5b8b936..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This configuration file loads a CGI module appropriate to the MPM
-# which has been configured in 00-mpm.conf. mod_cgid should be used
-# with a threaded MPM; mod_cgi with the prefork MPM.
-
-<IfModule mpm_worker_module>
- LoadModule cgid_module modules/mod_cgid.so
-</IfModule>
-<IfModule mpm_event_module>
- LoadModule cgid_module modules/mod_cgid.so
-</IfModule>
-<IfModule mpm_prefork_module>
- LoadModule cgi_module modules/mod_cgi.so
-</IfModule>
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf
deleted file mode 100644
index 88fcb97..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf
+++ /dev/null
@@ -1,353 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information. -# In particular, see -# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html> -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to specify a local disk on the -# Mutex directive, if file-based mutexes are used. If you wish to share the -# same ServerRoot for multiple httpd daemons, you will need to change at -# least PidFile. -# -ServerRoot "/opt/rh/httpd24/root/etc/httpd" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. 
-# -#Listen 12.34.56.78:80 -Listen 0.0.0.0:8080 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -Include conf.modules.d/*.conf - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User default -Group root - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -#ServerName www.example.com:80 - -# -# Deny access to the entirety of your server's filesystem. 
You must -# explicitly permit access to web content directories in other -# <Directory> blocks below. -# -<Directory /> - AllowOverride none - Require all denied -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/opt/rh/httpd24/root/var/www/html" - -# -# Relax access to content within /opt/rh/httpd24/root/var/www. -# -<Directory "/opt/rh/httpd24/root/var/www"> - AllowOverride None - # Allow open access: - Require all granted -</Directory> - -# Further relax access to the default document root: -<Directory "/opt/rh/httpd24/root/var/www/html"> - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.4/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride All - - # - # Controls who can get stuff from this server. - # - Require all granted -</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. 
-# -<IfModule dir_module> - DirectoryIndex index.html -</IfModule> - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<Files ".ht*"> - Require all denied -</Files> - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog |/usr/bin/cat - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -<IfModule log_config_module> - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - <IfModule logio_module> - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - </IfModule> - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a <VirtualHost> - # container, they will be logged here. Contrariwise, if you *do* - # define per-<VirtualHost> access logfiles, transactions will be - # logged therein and *not* in this file. - # - #CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - CustomLog |/usr/bin/cat combined -</IfModule> - -<IfModule alias_module> - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. 
The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. You will also likely - # need to provide a <Directory> section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/opt/rh/httpd24/root/var/www/cgi-bin/" - -</IfModule> - -# -# "/opt/rh/httpd24/root/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "/opt/rh/httpd24/root/var/www/cgi-bin"> - AllowOverride None - Options None - Require all granted -</Directory> - -<IfModule mime_module> - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. - # - TypesConfig /etc/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. 
- # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - AddType text/html .shtml - AddOutputFilter INCLUDES .shtml -</IfModule> - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -<IfModule mime_magic_module> - # - # The mod_mime_magic module allows the server to use various hints from the - # contents of the file itself to determine its type. The MIMEMagicFile - # directive tells the module where the hint definitions are located. - # - MIMEMagicFile conf/magic -</IfModule> - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." 
-#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall may be used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# Defaults if commented: EnableMMAP On, EnableSendfile Off -# -#EnableMMAP off -EnableSendfile on - -# Supplemental configuration -# -# Load config files in the "/etc/httpd/conf.d" directory, if any. -IncludeOptional conf.d/*.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic deleted file mode 100644 index 7c56119..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic +++ /dev/null 
@@ -1,385 +0,0 @@ -# Magic data for mod_mime_magic Apache module (originally for file(1) command) -# The module is described in /manual/mod/mod_mime_magic.html -# -# The format is 4-5 columns: -# Column #1: byte number to begin checking from, ">" indicates continuation -# Column #2: type of data to match -# Column #3: contents of data to match -# Column #4: MIME type of result -# Column #5: MIME encoding of result (optional) - -#------------------------------------------------------------------------------ -# Localstuff: file(1) magic for locally observed files -# Add any locally observed files here. - -#------------------------------------------------------------------------------ -# end local stuff -#------------------------------------------------------------------------------ - -#------------------------------------------------------------------------------ -# Java - -0 short 0xcafe ->2 short 0xbabe application/java - -#------------------------------------------------------------------------------ -# audio: file(1) magic for sound formats -# -# from Jan Nicolai Langfeldt <janl@ifi.uio.no>, -# - -# Sun/NeXT audio data -0 string .snd ->12 belong 1 audio/basic ->12 belong 2 audio/basic ->12 belong 3 audio/basic ->12 belong 4 audio/basic ->12 belong 5 audio/basic ->12 belong 6 audio/basic ->12 belong 7 audio/basic - ->12 belong 23 audio/x-adpcm - -# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format -# that uses little-endian encoding and has a different magic number -# (0x0064732E in little-endian encoding). 
-0 lelong 0x0064732E ->12 lelong 1 audio/x-dec-basic ->12 lelong 2 audio/x-dec-basic ->12 lelong 3 audio/x-dec-basic ->12 lelong 4 audio/x-dec-basic ->12 lelong 5 audio/x-dec-basic ->12 lelong 6 audio/x-dec-basic ->12 lelong 7 audio/x-dec-basic -# compressed (G.721 ADPCM) ->12 lelong 23 audio/x-dec-adpcm - -# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" -# AIFF audio data -8 string AIFF audio/x-aiff -# AIFF-C audio data -8 string AIFC audio/x-aiff -# IFF/8SVX audio data -8 string 8SVX audio/x-aiff - -# Creative Labs AUDIO stuff -# Standard MIDI data -0 string MThd audio/unknown -#>9 byte >0 (format %d) -#>11 byte >1 using %d channels -# Creative Music (CMF) data -0 string CTMF audio/unknown -# SoundBlaster instrument data -0 string SBI audio/unknown -# Creative Labs voice data -0 string Creative\ Voice\ File audio/unknown -## is this next line right? it came this way... -#>19 byte 0x1A -#>23 byte >0 - version %d -#>22 byte >0 \b.%d - -# [GRR 950115: is this also Creative Labs? Guessing that first line -# should be string instead of unknown-endian long...] -#0 long 0x4e54524b MultiTrack sound data -#0 string NTRK MultiTrack sound data -#>4 long x - version %ld - -# Microsoft WAVE format (*.wav) -# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] -# Microsoft RIFF -0 string RIFF audio/unknown -# - WAVE format ->8 string WAVE audio/x-wav -# MPEG audio. -0 beshort&0xfff0 0xfff0 audio/mpeg -# C64 SID Music files, from Linus Walleij <triad@df.lth.se> -0 string PSID audio/prs.sid - -#------------------------------------------------------------------------------ -# c-lang: file(1) magic for C programs or various scripts -# - -# XPM icons (Greg Roelofs, newt@uchicago.edu) -# ideally should go into "images", but entries below would tag XPM as C source -0 string /*\ XPM image/x-xbm 7bit - -# this first will upset you if you're a PL/1 shop... (are there any left?) 
-# in which case rm it; ascmagic will catch real C programs -# C or REXX program text -0 string /* text/plain -# C++ program text -0 string // text/plain - -#------------------------------------------------------------------------------ -# compress: file(1) magic for pure-compression formats (no archives) -# -# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. -# -# Formats for various forms of compressed data -# Formats for "compress" proper have been moved into "compress.c", -# because it tries to uncompress it to figure out what's inside. - -# standard unix compress -0 string \037\235 application/octet-stream x-compress - -# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) -0 string \037\213 application/octet-stream x-gzip - -# According to gzip.h, this is the correct byte order for packed data. -0 string \037\036 application/octet-stream -# -# This magic number is byte-order-independent. -# -0 short 017437 application/octet-stream - -# XXX - why *two* entries for "compacted data", one of which is -# byte-order independent, and one of which is byte-order dependent? -# -# compacted data -0 short 0x1fff application/octet-stream -0 string \377\037 application/octet-stream -# huf output -0 short 0145405 application/octet-stream - -# Squeeze and Crunch... -# These numbers were gleaned from the Unix versions of the programs to -# handle these formats. Note that I can only uncrunch, not crunch, and -# I didn't have a crunched file handy, so the crunch number is untested. -# Keith Waclena <keith@cerberus.uchicago.edu> -#0 leshort 0x76FF squeezed data (CP/M, DOS) -#0 leshort 0x76FE crunched data (CP/M, DOS) - -# Freeze -#0 string \037\237 Frozen file 2.1 -#0 string \037\236 Frozen file 1.0 (or gzip 0.5) - -# lzh? 
-#0 string \037\240 LZH compressed data - -#------------------------------------------------------------------------------ -# frame: file(1) magic for FrameMaker files -# -# This stuff came on a FrameMaker demo tape, most of which is -# copyright, but this file is "published" as witness the following: -# -0 string \<MakerFile application/x-frame -0 string \<MIFFile application/x-frame -0 string \<MakerDictionary application/x-frame -0 string \<MakerScreenFon application/x-frame -0 string \<MML application/x-frame -0 string \<Book application/x-frame -0 string \<Maker application/x-frame - -#------------------------------------------------------------------------------ -# html: file(1) magic for HTML (HyperText Markup Language) docs -# -# from Daniel Quinlan <quinlan@yggdrasil.com> -# and Anna Shergold <anna@inext.co.uk> -# -0 string \<!DOCTYPE\ HTML text/html -0 string \<!doctype\ html text/html -0 string \<HEAD text/html -0 string \<head text/html -0 string \<TITLE text/html -0 string \<title text/html -0 string \<html text/html -0 string \<HTML text/html -0 string \<!-- text/html -0 string \<h1 text/html -0 string \<H1 text/html - -# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se> -0 string \<?xml text/xml - -#------------------------------------------------------------------------------ -# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps) -# -# originally from jef@helios.ee.lbl.gov (Jef Poskanzer), -# additions by janl@ifi.uio.no as well as others. Jan also suggested -# merging several one- and two-line files into here. -# -# XXX - byte order for GIF and TIFF fields? -# [GRR: TIFF allows both byte orders; GIF is probably little-endian] -# - -# [GRR: what the hell is this doing in here?] 
-#0 string xbtoa btoa'd file - -# PBMPLUS -# PBM file -0 string P1 image/x-portable-bitmap 7bit -# PGM file -0 string P2 image/x-portable-greymap 7bit -# PPM file -0 string P3 image/x-portable-pixmap 7bit -# PBM "rawbits" file -0 string P4 image/x-portable-bitmap -# PGM "rawbits" file -0 string P5 image/x-portable-greymap -# PPM "rawbits" file -0 string P6 image/x-portable-pixmap - -# NIFF (Navy Interchange File Format, a modification of TIFF) -# [GRR: this *must* go before TIFF] -0 string IIN1 image/x-niff - -# TIFF and friends -# TIFF file, big-endian -0 string MM image/tiff -# TIFF file, little-endian -0 string II image/tiff - -# possible GIF replacements; none yet released! -# (Greg Roelofs, newt@uchicago.edu) -# -# GRR 950115: this was mine ("Zip GIF"): -# ZIF image (GIF+deflate alpha) -0 string GIF94z image/unknown -# -# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better): -# FGF image (GIF+deflate beta) -0 string FGF95a image/unknown -# -# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal -# (best; not yet implemented): -# PBF image (deflate compression) -0 string PBF image/unknown - -# GIF -0 string GIF image/gif - -# JPEG images -0 beshort 0xffd8 image/jpeg - -# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu) -0 string BM image/bmp -#>14 byte 12 (OS/2 1.x format) -#>14 byte 64 (OS/2 2.x format) -#>14 byte 40 (Windows 3.x format) -#0 string IC icon -#0 string PI pointer -#0 string CI color icon -#0 string CP color pointer -#0 string BA bitmap array - -0 string \x89PNG image/png -0 string FWS application/x-shockwave-flash -0 string CWS application/x-shockwave-flash - -#------------------------------------------------------------------------------ -# lisp: file(1) magic for lisp programs -# -# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) -0 string ;; text/plain 8bit -# Emacs 18 - this is always correct, but not very magical. 
-0 string \012( application/x-elc -# Emacs 19 -0 string ;ELC\023\000\000\000 application/x-elc - -#------------------------------------------------------------------------------ -# mail.news: file(1) magic for mail and news -# -# There are tests to ascmagic.c to cope with mail and news. -0 string Relay-Version: message/rfc822 7bit -0 string #!\ rnews message/rfc822 7bit -0 string N#!\ rnews message/rfc822 7bit -0 string Forward\ to message/rfc822 7bit -0 string Pipe\ to message/rfc822 7bit -0 string Return-Path: message/rfc822 7bit -0 string Path: message/news 8bit -0 string Xref: message/news 8bit -0 string 
From: message/rfc822 7bit -0 string Article message/news 8bit -#------------------------------------------------------------------------------ -# msword: file(1) magic for MS Word files -# -# Contributor claims: -# Reversed-engineered MS Word magic numbers -# - -0 string \376\067\0\043 application/msword -0 string \333\245-\0\0\0 application/msword - -# disable this one because it applies also to other -# Office/OLE documents for which msword is not correct. See PR#2608. -#0 string \320\317\021\340\241\261 application/msword - - - -#------------------------------------------------------------------------------ -# printer: file(1) magic for printer-formatted files -# - -# PostScript -0 string %! application/postscript -0 string \004%! application/postscript - -# Acrobat -# (due to clamen@cs.cmu.edu) -0 string %PDF- application/pdf - -#------------------------------------------------------------------------------ -# sc: file(1) magic for "sc" spreadsheet -# -38 string Spreadsheet application/x-sc - -#------------------------------------------------------------------------------ -# tex: file(1) magic for TeX files -# -# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) -# -# From <conklin@talisman.kaleida.com> - -# Although we may know the offset of certain text fields in TeX DVI -# and font files, we can't use them reliably because they are not -# zero terminated. [but we do anyway, christos] -0 string \367\002 application/x-dvi -#0 string \367\203 TeX generic font data -#0 string \367\131 TeX packed font data -#0 string \367\312 TeX virtual font data -#0 string This\ is\ TeX, TeX transcript text -#0 string This\ is\ METAFONT, METAFONT transcript text - -# There is no way to detect TeX Font Metric (*.tfm) files without -# breaking them apart and reading the data. The following patterns -# match most *.tfm files generated by METAFONT or afm2tfm. 
-#2 string \000\021 TeX font metric data -#2 string \000\022 TeX font metric data -#>34 string >\0 (%s) - -# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) -#0 string \\input\ texinfo Texinfo source text -#0 string This\ is\ Info\ file GNU Info text - -# correct TeX magic for Linux (and maybe more) -# from Peter Tobias (tobias@server.et-inf.fho-emden.de) -# -0 leshort 0x02f7 application/x-dvi - -# RTF - Rich Text Format -0 string {\\rtf application/rtf - -#------------------------------------------------------------------------------ -# animation: file(1) magic for animation/movie formats -# -# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) -# MPEG file -0 string \000\000\001\263 video/mpeg -# -# The contributor claims: -# I couldn't find a real magic number for these, however, this -# -appears- to work. Note that it might catch other files, too, -# so BE CAREFUL! -# -# Note that title and author appear in the two 20-byte chunks -# at decimal offsets 2 and 22, respectively, but they are XOR'ed with -# 255 (hex FF)! DL format SUCKS BIG ROCKS. -# -# DL file version 1 , medium format (160x100, 4 images/screen) -0 byte 1 video/unknown -0 byte 2 video/unknown -# Quicktime video, from Linus Walleij <triad@df.lth.se> -# from Apple quicktime file format documentation. -4 string moov video/quicktime -4 string mdat video/quicktime - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf deleted file mode 100644 index c581e97..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf +++ /dev/null 
@@ -1,93 +0,0 @@
-#
-# Directives controlling the display of server-generated directory listings.
-#
-# Required modules: mod_autoindex, mod_alias
-#
-# To see the listing of a directory, the Options directive for the
-# directory must include "Indexes", and the directory must not contain
-# a file matching those listed in the DirectoryIndex directive.
-#
-
-#
-# IndexOptions: Controls the appearance of server-generated directory
-# listings.
-#
-IndexOptions FancyIndexing HTMLTable VersionSort
-
-# We include the /icons/ alias for FancyIndexed directory listings. If
-# you do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "/usr/local/apache2/icons/"
-
-<Directory "/usr/local/apache2/icons">
- Options Indexes MultiViews
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
-
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
-
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
-
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf
deleted file mode 100644
index 29dfb72..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# Distributed authoring and versioning (WebDAV)
-#
-# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias
-# mod_auth_digest, mod_authn_file
-#
-
-# The following example gives DAV write access to a directory called
-# "uploads" under the ServerRoot directory.
-#
-# The User/Group specified in httpd.conf needs to have write permissions
-# on the directory where the DavLockDB is placed and on any directory where
-# "Dav On" is specified.
-
-DavLockDB "/usr/local/apache2/var/DavLock"
-
-Alias /uploads "/usr/local/apache2/uploads"
-
-<Directory "/usr/local/apache2/uploads">
- Dav On
-
- Order Allow,Deny
- Allow from all
-
- AuthType Digest
- AuthName DAV-upload
-
- # You can use the htdigest program to create the password database:
- # htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin
- AuthUserFile "/usr/local/apache2/user.passwd"
- AuthDigestProvider file
-
- # Allow universal read-access, but writes are restricted
- # to the admin user.
- <LimitExcept GET OPTIONS>
- require user admin
- </LimitExcept>
-</Directory>
-
-#
-# The following directives disable redirects on non-GET requests for
-# a directory that does not include the trailing slash. This fixes a
-# problem with several clients that do not appropriately handle
-# redirects for folders with DAV methods.
-#
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs/1.0" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf
deleted file mode 100644
index efeca05..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf
+++ /dev/null
@@ -1,75 +0,0 @@
-#
-# This configuration file reflects default settings for Apache HTTP Server.
-#
-# You may change these, but chances are that you may not need to.
-#
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 300
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive On
-
-#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
-#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 5
-
-#
-# UseCanonicalName: Determines how Apache constructs self-referencing
-# URLs and the SERVER_NAME and SERVER_PORT variables.
-# When set "Off", Apache will use the Hostname and Port supplied
-# by the client. When set "On", Apache will use the value of the
-# ServerName directive.
-#
-UseCanonicalName Off
-
-#
-# AccessFileName: The name of the file to look for in each directory
-# for additional configuration directives. See also the AllowOverride
-# directive.
-#
-AccessFileName .htaccess
-
-#
-# ServerTokens
-# This directive configures what you return as the Server HTTP response
-# Header. The default is 'Full' which sends information about the OS-Type
-# and compiled in modules.
-# Set to one of: Full | OS | Minor | Minimal | Major | Prod
-# where Full conveys the most information, and Prod the least.
-#
-ServerTokens Full
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature On
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf
deleted file mode 100644
index db316c0..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# Get information about the requests being processed by the server
-# and the configuration of the server.
-#
-# Required modules: mod_status (for the server-status handler),
-# mod_info (for the server-info handler)
-
-#
-# Allow server status reports generated by mod_status,
-# with the URL of http://servername/server-status
-# Change the ".example.com" to match your domain to enable.
-
-<Location /server-status>
- SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from .example.com
-</Location>
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".example.com" to match your domain to enable.
-#
-<Location /server-info>
- SetHandler server-info
- Order deny,allow
- Deny from all
- Allow from .example.com
-</Location>
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf
deleted file mode 100644
index 7f66461..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf
+++ /dev/null
@@ -1,141 +0,0 @@ -# -# Settings for hosting different languages. -# -# Required modules: mod_mime, mod_negotiation - -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. 
-# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es) -# Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage tr .tr -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Commonly used filename extensions to character sets. You probably -# want to avoid clashes with the language extensions, unless you -# are good at carefully testing your setup after each change. 
-# See http://www.iana.org/assignments/character-sets for the -# official list of charset names and their respective RFCs. -# -AddCharset us-ascii.ascii .us-ascii -AddCharset ISO-8859-1 .iso8859-1 .latin1 -AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen -AddCharset ISO-8859-3 .iso8859-3 .latin3 -AddCharset ISO-8859-4 .iso8859-4 .latin4 -AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru -AddCharset ISO-8859-6 .iso8859-6 .arb .arabic -AddCharset ISO-8859-7 .iso8859-7 .grk .greek -AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew -AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk -AddCharset ISO-8859-10 .iso8859-10 .latin6 -AddCharset ISO-8859-13 .iso8859-13 -AddCharset ISO-8859-14 .iso8859-14 .latin8 -AddCharset ISO-8859-15 .iso8859-15 .latin9 -AddCharset ISO-8859-16 .iso8859-16 .latin10 -AddCharset ISO-2022-JP .iso2022-jp .jis -AddCharset ISO-2022-KR .iso2022-kr .kis -AddCharset ISO-2022-CN .iso2022-cn .cis -AddCharset Big5.Big5 .big5 .b5 -AddCharset cn-Big5 .cn-big5 -# For russian, more than one charset is used (depends on client, mostly): -AddCharset WINDOWS-1251 .cp-1251 .win-1251 -AddCharset CP866 .cp866 -AddCharset KOI8 .koi8 -AddCharset KOI8-E .koi8-e -AddCharset KOI8-r .koi8-r .koi8-ru -AddCharset KOI8-U .koi8-u -AddCharset KOI8-ru .koi8-uk .ua -AddCharset ISO-10646-UCS-2 .ucs2 -AddCharset ISO-10646-UCS-4 .ucs4 -AddCharset UTF-7 .utf7 -AddCharset UTF-8 .utf8 -AddCharset UTF-16 .utf16 -AddCharset UTF-16BE .utf16be -AddCharset UTF-16LE .utf16le -AddCharset UTF-32 .utf32 -AddCharset UTF-32BE .utf32be -AddCharset UTF-32LE .utf32le -AddCharset euc-cn .euc-cn -AddCharset euc-gb .euc-gb -AddCharset euc-jp .euc-jp -AddCharset euc-kr .euc-kr -#Not sure how euc-tw got in - IANA doesn't list it??? -AddCharset EUC-TW .euc-tw -AddCharset gb2312 .gb2312 .gb -AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2 -AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4 -AddCharset shift_jis .shift_jis .sjis 
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf
deleted file mode 100644
index fc12fb9..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Provide access to the documentation on your server as
-# http://yourserver.example.com/manual/
-# The documentation is always available at
-# http://httpd.apache.org/docs/2.2/
-#
-# Required modules: mod_alias, mod_setenvif, mod_negotiation
-#
-
-AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "/usr/local/apache2/manual$1"
-
-<Directory "/usr/local/apache2/manual">
- Options Indexes
- AllowOverride None
- Order allow,deny
- Allow from all
-
- <Files *.html>
- SetHandler type-map
- </Files>
- # .tr is text/troff in mime.types!
- <Files *.html.tr.utf8>
- ForceType "text/html; charset=utf-8"
- </Files>
-
- SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru|tr)/ prefer-language=$1
- RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru|tr)){2,}(/.*)?$ /manual/$1$2
-
- LanguagePriority en de es fr ja ko pt-br ru tr
- ForceLanguagePriority Prefer Fallback
-</Directory>
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf
deleted file mode 100644
index 8c44c60..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf
+++ /dev/null
@@ -1,110 +0,0 @@
-#
-# Server-Pool Management (MPM specific)
-#
-
-#
-# PidFile: The file in which the server should record its process
-# identification number when it starts.
-#
-# Note that this is the default PidFile for most MPMs.
-#
-<IfModule !mpm_netware_module>
- PidFile "logs/httpd.pid"
-</IfModule>
-
-#
-# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
-#
-<IfModule !mpm_winnt_module>
-<IfModule !mpm_netware_module>
-LockFile "logs/accept.lock"
-</IfModule>
-</IfModule>
-
-#
-# Only one of the below sections will be relevant on your
-# installed httpd. Use "apachectl -l" to find out the
-# active mpm.
-#
-
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# MaxClients: maximum number of server processes allowed to start
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_prefork_module>
- StartServers 5
- MinSpareServers 5
- MaxSpareServers 10
- MaxClients 150
- MaxRequestsPerChild 0
-</IfModule>
-
-# worker MPM
-# StartServers: initial number of server processes to start
-# MaxClients: maximum number of simultaneous client connections
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_worker_module>
- StartServers 2
- MaxClients 150
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadsPerChild 25
- MaxRequestsPerChild 0
-</IfModule>
-
-# BeOS MPM
-# StartThreads: how many threads do we initially spawn?
-# MaxClients: max number of threads we can have (1 thread == 1 client)
-# MaxRequestsPerThread: maximum number of requests each thread will process
-<IfModule mpm_beos_module>
- StartThreads 10
- MaxClients 50
- MaxRequestsPerThread 10000
-</IfModule>
-
-# NetWare MPM
-# ThreadStackSize: Stack size allocated for each worker thread
-# StartThreads: Number of worker threads launched at server startup
-# MinSpareThreads: Minimum number of idle threads, to handle request spikes
-# MaxSpareThreads: Maximum number of idle threads
-# MaxThreads: Maximum number of worker threads alive at the same time
-# MaxRequestsPerChild: Maximum number of requests a thread serves. It is
-# recommended that the default value of 0 be set for this
-# directive on NetWare. This will allow the thread to
-# continue to service requests indefinitely.
-<IfModule mpm_netware_module>
- ThreadStackSize 65536
- StartThreads 250
- MinSpareThreads 25
- MaxSpareThreads 250
- MaxThreads 1000
- MaxRequestsPerChild 0
- MaxMemFree 100
-</IfModule>
-
-# OS/2 MPM
-# StartServers: Number of server processes to maintain
-# MinSpareThreads: Minimum number of idle threads per process,
-# to handle request spikes
-# MaxSpareThreads: Maximum number of idle threads per process
-# MaxRequestsPerChild: Maximum number of connections per server process
-<IfModule mpm_mpmt_os2_module>
- StartServers 2
- MinSpareThreads 5
- MaxSpareThreads 10
- MaxRequestsPerChild 0
-</IfModule>
-
-# WinNT MPM
-# ThreadsPerChild: constant number of worker threads in the server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_winnt_module>
- ThreadsPerChild 150
- MaxRequestsPerChild 0
-</IfModule>
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf
deleted file mode 100644
index 8ff9a45..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# The configuration below implements multi-language error documents through
-# content-negotiation.
-#
-# Required modules: mod_alias, mod_include, mod_negotiation
-#
-# We use Alias to redirect any /error/HTTP_<error>.html.var response to
-# our collection of by-error message multi-language collections. We use
-# includes to substitute the appropriate text.
-#
-# You can modify the messages' appearance without changing any of the
-# default HTTP_<error>.html.var files by adding the line:
-#
-# Alias /error/include/ "/your/include/path/"
-#
-# which allows you to create your own set of files by starting with the
-# /usr/local/apache2/error/include/ files and copying them to /your/include/path/,
-# even on a per-VirtualHost basis. The default include files will display
-# your Apache version number and your ServerAdmin email address regardless
-# of the setting of ServerSignature.
-
-Alias /error/ "/usr/local/apache2/error/"
-
-<Directory "/usr/local/apache2/error">
- AllowOverride None
- Options IncludesNoExec
- AddOutputFilter Includes html
- AddHandler type-map var
- Order allow,deny
- Allow from all
- LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
- ForceLanguagePriority Prefer Fallback
-</Directory>
-
-ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
-ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
-ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
-ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
-ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
-ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
-ErrorDocument 410 /error/HTTP_GONE.html.var
-ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
-ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
-ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
-ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
-ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
-ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
-ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
-ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
-ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
-ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf
deleted file mode 100644
index 51f3784..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf
+++ /dev/null
@@ -1,269 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailed information about these -# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -# -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the SSL library. -# The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -# -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed startup file:/dev/urandom 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - - -# -# When we also provide SSL we have to listen to the -# standard HTTP port (see above) and to the HTTPS port -# -# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two -# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443" -# -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. 
-## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate, -# and that httpd will negotiate as the client of a proxied server. -# See the OpenSSL documentation for a complete list of ciphers, and -# ensure these follow appropriate best practices for this deployment. -# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers, -# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a. -SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4 -SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4 - -# By the end of 2016, only TLSv1.2 ciphers should remain in use. -# Older ciphers should be disallowed as soon as possible, while the -# kRSA ciphers do not offer forward secrecy. These changes inhibit -# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy -# non-browser tooling) from successfully connecting. -# -# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable -# those protocols which do not support forward secrecy, replace -# the SSLCipherSuite and SSLProxyCipherSuite directives above with -# the following two directives, as soon as practical. -# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA -# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA - -# User agents such as web browsers are not configured for the user's -# own preference of either security or performance, therefore this -# must be the prerogative of the web server administrator who manages -# cpu load versus confidentiality, so enforce the server's cipher order. -SSLHonorCipherOrder on - -# SSL Protocol support: -# List the protocol versions which clients are allowed to connect with. -# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0) -# should be disabled as quickly as practical. By the end of 2016, only -# the TLSv1.2 protocol or later should remain in use. 
-SSLProtocol all -SSLv2 -SSLv3 -SSLProxyProtocol all -SSLv2 -SSLv3 - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -#SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache" -SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex "file:/usr/local/apache2/logs/ssl_mutex" - -## -## SSL Virtual Host Context -## - -<VirtualHost _default_:443> - -# General setup for the virtual host -DocumentRoot "/usr/local/apache2/htdocs" -ServerName www.example.com:443 -ServerAdmin you@example.com -ErrorLog "/usr/local/apache2/logs/error_log" -TransferLog "/usr/local/apache2/logs/access_log" - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -SSLEngine on - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. Keep -# in mind that if you have both an RSA and a DSA certificate you -# can configure both in parallel (to also allow the use of DSA -# ciphers, etc.) -# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt) -# require an ECC certificate which can also be configured in -# parallel. -SSLCertificateFile "/usr/local/apache2/conf/server.crt" -#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt" -#SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt" - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. 
Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -# ECC keys, when in use, can also be configured in parallel -SSLCertificateKeyFile "/usr/local/apache2/conf/server.key" -#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key" -#SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key" - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convenience. -#SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt" - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -# Note: Inside SSLCACertificatePath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt" -#SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt" - -# Certificate Revocation Lists (CRL): -# Set the CA revocation path where to find CA CRLs for client -# authentication or alternatively one huge file containing all -# of them (file must be PEM encoded) -# Note: Inside SSLCARevocationPath you need hash symlinks -# to point to the certificate files. Use the provided -# Makefile to update the hash symlinks after changes. -#SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl" -#SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl" - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. 
Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. 
-# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire -<FilesMatch "\.(cgi|shtml|phtml|php)$"> - SSLOptions +StdEnvVars -</FilesMatch> -<Directory "/usr/local/apache2/cgi-bin"> - SSLOptions +StdEnvVars -</Directory> - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is sent or allowed to be received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. 
Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -BrowserMatch "MSIE [2-5]" \ - nokeepalive ssl-unclean-shutdown \ - downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -CustomLog "/usr/local/apache2/logs/ssl_request_log" \ - "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -</VirtualHost> diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf deleted file mode 100644 index 567bd6d..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf +++ /dev/null @@ -1,28 +0,0 @@ -# Settings for user home directories -# -# Required module: mod_userdir - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. Note that you must also set -# the default access control for these directories, as in the example below. -# -UserDir public_html - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -<Directory "/home/*/public_html"> - AllowOverride FileInfo AuthConfig Limit Indexes - Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec - <Limit GET POST OPTIONS> - Order allow,deny - Allow from all - </Limit> - <LimitExcept GET POST OPTIONS> - Order deny,allow - Deny from all - </LimitExcept> -</Directory> - diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf deleted file mode 100644 index 12995e2..0000000 --- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf +++ /dev/null 
@@ -1,45 +0,0 @@
-#
-# Virtual Hosts
-#
-# If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at
-# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# Use name-based virtual hosting.
-#
-NameVirtualHost *:80
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for all requests that do not
-# match a ServerName or ServerAlias in any <VirtualHost> block.
-#
-<VirtualHost *:8080>
- ServerAdmin webmaster@dummy-host.example.com
- DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"
- ServerName dummy-host.example.com
- ServerAlias www.dummy-host.example.com
- ErrorLog "logs/dummy-host.example.com-error_log"
- CustomLog "logs/dummy-host.example.com-access_log" common
-</VirtualHost>
-
-<VirtualHost *:8080>
- ServerAdmin webmaster@dummy-host2.example.com
- DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com"
- ServerName dummy-host2.example.com
- ErrorLog "logs/dummy-host2.example.com-error_log"
- CustomLog "logs/dummy-host2.example.com-access_log" common
-</VirtualHost>
-
-
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf
deleted file mode 100644
index 8724924..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf
+++ /dev/null
@@ -1,494 +0,0 @@ -# -# This is the main Apache HTTP server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.2> for detailed information. -# In particular, see -# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> -# for a discussion of each configuration directive. -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so 'log/access_log' -# with ServerRoot set to '/www' will be interpreted by the -# server as '/www/log/access_log', where as '/log/access_log' will be -# interpreted as '/log/access_log'. - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# Do not add a slash at the end of the directory path. If you point -# ServerRoot at a non-local disk, be sure to point the LockFile directive -# at a local disk. If you wish to share the same ServerRoot for multiple -# httpd daemons, you will need to change at least LockFile and PidFile. -# -ServerRoot "/usr/local/apache2" - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, instead of the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses. 
-# -#Listen 12.34.56.78:80 -Listen 8080 - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbd_module modules/mod_authn_dbd.so -LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authn_alias_module modules/mod_authn_alias.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule authz_default_module modules/mod_authz_default.so -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule file_cache_module modules/mod_file_cache.so -LoadModule cache_module modules/mod_cache.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule mem_cache_module modules/mod_mem_cache.so -LoadModule dbd_module modules/mod_dbd.so -LoadModule dumpio_module modules/mod_dumpio.so -LoadModule reqtimeout_module modules/mod_reqtimeout.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule include_module modules/mod_include.so -LoadModule filter_module modules/mod_filter.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule charset_lite_module modules/mod_charset_lite.so -LoadModule deflate_module 
modules/mod_deflate.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule log_forensic_module modules/mod_log_forensic.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule cern_meta_module modules/mod_cern_meta.so -LoadModule expires_module modules/mod_expires.so -LoadModule headers_module modules/mod_headers.so -LoadModule ident_module modules/mod_ident.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule unique_id_module modules/mod_unique_id.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule version_module modules/mod_version.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_scgi_module modules/mod_proxy_scgi.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule ssl_module modules/mod_ssl.so -LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule asis_module modules/mod_asis.so -LoadModule info_module modules/mod_info.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule dav_lock_module modules/mod_dav_lock.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -LoadModule imagemap_module modules/mod_imagemap.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so 
-LoadModule rewrite_module modules/mod_rewrite.so - -<IfModule !mpm_netware_module> -<IfModule !mpm_winnt_module> -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# It is usually good practice to create a dedicated user and group for -# running httpd, as with most system services. -# -User daemon -Group daemon - -</IfModule> -</IfModule> - -# 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin@your-domain.com -# -ServerAdmin you@example.com - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# -#ServerName www.example.com:80 - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/usr/local/apache2/htdocs" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). 
-# -# First, we configure the "default" to be a very restrictive set of -# features. -# -<Directory /> - Options FollowSymLinks - AllowOverride None - Order deny,allow - Deny from all -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# -<Directory "/usr/local/apache2/htdocs"> - # - # Possible values for the Options directive are "None", "All", - # or any combination of: - # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews - # - # Note that "MultiViews" must be named *explicitly* --- "Options All" - # doesn't give it to you. - # - # The Options directive is both complicated and important. Please see - # http://httpd.apache.org/docs/2.2/mod/core.html#options - # for more information. - # - Options Indexes FollowSymLinks - - # - # AllowOverride controls what directives may be placed in .htaccess files. - # It can be "All", "None", or any combination of the keywords: - # Options FileInfo AuthConfig Limit - # - AllowOverride None - - # - # Controls who can get stuff from this server. - # - Order allow,deny - Allow from all - -</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -<IfModule dir_module> - DirectoryIndex index.html -</IfModule> - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<FilesMatch "^\.ht"> - Order allow,deny - Deny from all - Satisfy All -</FilesMatch> - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. 
If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog "logs/error_log" - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -<IfModule log_config_module> - # - # The following directives define some format nicknames for use with - # a CustomLog directive (see below). - # - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined - LogFormat "%h %l %u %t \"%r\" %>s %b" common - - <IfModule logio_module> - # You need to enable mod_logio.c to use %I and %O - LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - </IfModule> - - # - # The location and format of the access logfile (Common Logfile Format). - # If you do not define any access logfiles within a <VirtualHost> - # container, they will be logged here. Contrariwise, if you *do* - # define per-<VirtualHost> access logfiles, transactions will be - # logged therein and *not* in this file. - # - CustomLog "logs/access_log" common - - # - # If you prefer a logfile with access, agent, and referer information - # (Combined Logfile Format) you can use the following directive. - # - #CustomLog "logs/access_log" combined -</IfModule> - -<IfModule alias_module> - # - # Redirect: Allows you to tell clients about documents that used to - # exist in your server's namespace, but do not anymore. The client - # will make a new request for the document at its new location. - # Example: - # Redirect permanent /foo http://www.example.com/bar - - # - # Alias: Maps web paths into filesystem paths and is used to - # access content that does not live under the DocumentRoot. - # Example: - # Alias /webpath /full/filesystem/path - # - # If you include a trailing / on /webpath then the server will - # require it to be present in the URL. 
You will also likely - # need to provide a <Directory> section to allow access to - # the filesystem path. - - # - # ScriptAlias: This controls which directories contain server scripts. - # ScriptAliases are essentially the same as Aliases, except that - # documents in the target directory are treated as applications and - # run by the server when requested rather than as documents sent to the - # client. The same rules about trailing "/" apply to ScriptAlias - # directives as to Alias. - # - ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/" - -</IfModule> - -<IfModule cgid_module> - # - # ScriptSock: On threaded servers, designate the path to the UNIX - # socket used to communicate with the CGI daemon of mod_cgid. - # - #Scriptsock logs/cgisock -</IfModule> - -# -# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "/usr/local/apache2/cgi-bin"> - AllowOverride None - Options None - Order allow,deny - Allow from all -</Directory> - -# -# DefaultType: the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -<IfModule headers_module> - # - # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied - # backend servers which have lingering "httpoxy" defects. - # 'Proxy' request header is undefined by the IETF, not listed by IANA - # - RequestHeader unset Proxy early -</IfModule> - -<IfModule mime_module> - # - # TypesConfig points to the file containing the list of mappings from - # filename extension to MIME-type. 
- # - TypesConfig conf/mime.types - - # - # AddType allows you to add to or override the MIME configuration - # file specified in TypesConfig for specific file types. - # - #AddType application/x-gzip .tgz - # - # AddEncoding allows you to have certain browsers uncompress - # information on the fly. Note: Not all browsers support this. - # - #AddEncoding x-compress .Z - #AddEncoding x-gzip .gz .tgz - # - # If the AddEncoding directives above are commented-out, then you - # probably should define those extensions to indicate media types: - # - AddType application/x-compress .Z - AddType application/x-gzip .gz .tgz - - # - # AddHandler allows you to map certain file extensions to "handlers": - # actions unrelated to filetype. These can be either built into the server - # or added with the Action directive (see below) - # - # To use CGI scripts outside of ScriptAliased directories: - # (You will also need to add "ExecCGI" to the "Options" directive.) - # - #AddHandler cgi-script .cgi - - # For type maps (negotiated resources): - #AddHandler type-map var - - # - # Filters allow you to process content before it is sent to the client. - # - # To parse .shtml files for server-side includes (SSI): - # (You will also need to add "Includes" to the "Options" directive.) - # - #AddType text/html .shtml - #AddOutputFilter INCLUDES .shtml -</IfModule> - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -#MIMEMagicFile conf/magic - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." 
-#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# MaxRanges: Maximum number of Ranges in a request before -# returning the entire resource, or one of the special -# values 'default', 'none' or 'unlimited'. -# Default setting is to accept 200 Ranges. -#MaxRanges unlimited - -# -# EnableMMAP and EnableSendfile: On systems that support it, -# memory-mapping or the sendfile syscall is used to deliver -# files. This usually improves server performance, but must -# be turned off when serving from networked-mounted -# filesystems or if support for these functions is otherwise -# broken on your system. -# -#EnableMMAP off -#EnableSendfile off - -# Supplemental configuration -# -# The configuration files in the conf/extra/ directory can be -# included to add extra features or to modify the default configuration of -# the server, or you may simply copy their contents here and change as -# necessary. 
- -# Server-pool management (MPM specific) -#Include conf/extra/httpd-mpm.conf - -# Multi-language error messages -#Include conf/extra/httpd-multilang-errordoc.conf - -# Fancy directory listings -#Include conf/extra/httpd-autoindex.conf - -# Language settings -#Include conf/extra/httpd-languages.conf - -# User home directories -#Include conf/extra/httpd-userdir.conf - -# Real-time info on requests and configuration -#Include conf/extra/httpd-info.conf - -# Virtual hosts -#Include conf/extra/httpd-vhosts.conf - -# Local access to the Apache HTTP Server Manual -#Include conf/extra/httpd-manual.conf - -# Distributed authoring and versioning (WebDAV) -#Include conf/extra/httpd-dav.conf - -# Various default settings -#Include conf/extra/httpd-default.conf - -# Secure (SSL/TLS) connections -#Include conf/extra/httpd-ssl.conf -# -# Note: The following must must be present to support -# starting without SSL on platforms with no /dev/random equivalent -# but a statically compiled-in mod_ssl. -# -<IfModule ssl_module> -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin -</IfModule> diff --git a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl deleted file mode 100644 index d155267..0000000 --- a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl +++ /dev/null 
@@ -1,43 +0,0 @@
----
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegedContainer: false
-allowedCapabilities: null
-apiVersion: v1
-defaultAddCapabilities: null
-fsGroup:
- type: MustRunAs
-groups:
-- system:authenticated
-kind: SecurityContextConstraints
-metadata:
- annotations:
- kubernetes.io/description: restricted denies access to all host features and requires
- pods to be run with a UID, and SELinux context that are allocated to the namespace. This
- is the most restrictive SCC.
- creationTimestamp: null
- name: katrin-restricted
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
-- KILL
-- MKNOD
-- SYS_CHROOT
-- SETUID
-- SETGID
-runAsUser:
- type: MustRunAsRange
-seLinuxContext:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-volumes:
-- glusterfs
-- configMap
-- downwardAPI
-- emptyDir
-- persistentVolumeClaim
-- secret
diff --git a/setup/projects/katrin/templates/40-kaas-manager.yml.j2 b/setup/projects/katrin/templates/40-kaas-manager.yml.j2
new file mode 120000
index 0000000..b7233ad
--- /dev/null
+++ b/setup/projects/katrin/templates/40-kaas-manager.yml.j2
@@ -0,0 +1 @@
+../../kaas/templates/40-kaas-manager.yml.j2
\ No newline at end of file
diff --git a/setup/projects/katrin/templates/katrin.yml.j2.bk b/setup/projects/katrin/templates/katrin.yml.j2.bk
deleted file mode 100644
index 5d032b3..0000000
--- a/setup/projects/katrin/templates/katrin.yml.j2.bk
+++ /dev/null
@@ -1,135 +0,0 @@ ---- -apiVersion: v1 -kind: Template -metadata: - name: kaas - annotations: - descriptions: "KATRIN Routing Service" -objects: - - apiVersion: v1 - kind: Service - metadata: - name: kaas - spec: - selector: - name: kaas - ports: - - name: http - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - apiVersion: v1 - kind: Route - metadata: - name: kaas - spec: - host: {{ kaas_project_config.katrin_node }} - to: - kind: Service - name: kaas - port: - targetPort: http - tls: - termination: edge - insecureEdgeTerminationPolicy: Allow - certificate: |- - -----BEGIN CERTIFICATE----- - MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV - BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK - DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN - MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG - A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD - VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B - AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I - ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU - GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n - qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH - DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3 - 060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV - HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu - cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL - ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x - G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs - WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6 - /ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE - qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp - j5rXZ3Oda5tHYrnPsA== - -----END CERTIFICATE----- - key: |- - -----BEGIN PRIVATE KEY----- - 
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIn36cpuErgBpX - JUf+OYDE8UL+jayF6OYUv2MgTgivKt2eKt6nFyC93bFylNh45vlMwooW0map5beM - 84HeMATIvO+7LVpjB38M3HgD1VQY7ayF2qM8xoE6TgqOyNme37y2hYl4AFiwnicB - OlszSKORfpGpChFuiJopaW+jXSeox8aZCMxH6ULm6EXmFaEfAP6o+KAQUZiKzvd2 - AUOHJ1+XinM9cHJK/iEzjMe8cccM7RCKkYjHCYyvDhT/Liyc3WEMI8UMk3dZ6Eri - W3u0PwRrVXCKQIuHZ5n6/3gFALfTrSEcgLiUSG1NoOw1esYjDOpU/1M+45UQ6AQC - PHI3XYPTAgMBAAECggEAFFXubIyR2Gn0wY6a3I8RmWTnKIxNx4kTAVlg/95JDRBo - RGcOCJvUispU+UtTIfYvoPM7MhMDqwcI8vWf3Vi6s2pLVorDVbRl0XTriV/vVVOK - IEtILpnkcXeFpHGBdZQyOcIRbCOE2eo+A+bZZbpgMhhFRYAqwiyAi+APG90ObxIb - AqTEeTyztqyrKfnTdr50owL2KT7adS6XuSUNX681IJc+szbQ7piXN57Kdxd2PydM - JnSZAOBpQHkbiOEDUseeDjYRT23loeMIS7nWTwo1Y1LwsEKL5S7C0fKBfZV9xARw - TntGuM87HzbAk4535We8qW3t/5EqpzurgK7u9/PEEQKBgQDjy8CjDdobGK9+VUDg - iHbANbzEB4LrpVJiE+esr0iLXOoMdfTPwpd4XpbPPOjx/A9+6VfpdGt1EdZwLMpy - qryPW0iumsri3iPSVBS79mN6WmwYhNOcOTWlmbs4pEhubht9aNBi7rZ7QZgV3PLN - 7YBZHzxfyxTcIBCAzzoF7zaUeQKBgQDhdneOijWAYx0AMKTBzJw52KO/gloTDl9M - mOhvUIuYxkUE/mDE5EqI6k9VkbAqUvlD3z2S7yNY+h2hldO+u3w8GPo+bTCMyNDB - 0tQGCZnbKl8mfmItUlTyJ/MmNbanmYI2VmhDTMh6S8d8qKW9txXfDEXrzY2p7z/X - gRF3Ow9PqwKBgGw7CMHv+Ora5bbehr6n19QnNBLnhrqzh9r1niOb/JnKgaF+Ad0c - lZ8pQfog9ITUwAAKmixflha/bOVLQr0Mhh6Ovo/HGBKGfPqX3GoZ/NXLVISpx2j4 - fZa63gthctCVHBaP0ELRLH6PgdURb4OMDmlJwAO7l6Om0HCDBQyAxavxAoGAZPUJ - QBh/MIgxGj6t5+HZKsXpPP3/m3zaC5CEtCOa/sP5b+0AI+odvgU9lRFxkuIon828 - 4qiWaWdGEW7nrAaD8N02YPG/xaq+X6wqKLHv5QWqKbB6AdVWGEDvTfLLYW0Js48p - jMk7FBgOsbFK1hK/hmsWfCpE/w0Ux0kSKxOVHZUCgYEA41rhW18+KdxJyQTZaQRV - 0KQr8/30L116XYYTYrkILa6504nXMr7xSHuMxaPNl20b/sBz8a8VuKJt2CLZQ0Q3 - oW3GAG2Fk+mvrauLriiJ2KgZkS5IJweJKHbIk1GQrucNArNojk9unrqN8wpa3Ywo - 9GafqnfUGu+FVd1CKolicSA= - -----END PRIVATE KEY----- - - apiVersion: v1 - kind: DeploymentConfig - metadata: - name: kaas - spec: - replicas: 1 - selector: - name: kaas - template: - metadata: - name: kaas - labels: - name: kaas - strategy: - type: Rolling - triggers: - - type: ConfigChange - spec: - nodeSelector: - 
master: "1" - containers: - - name: kaas - image: centos/httpd-24-centos7 - imagePullPolicy: Always - ports: - - containerPort: 8080 - - containerPort: 8443 - volumeMounts: - - name: config - subPath: etc/apache2-kaas - mountPath: /etc/httpd - - name: config - subPath: log/apache2-kaas - mountPath: /var/log/httpd24 - - name: config - subPath: htdocs/kaas - mountPath: /opt/rh/httpd24/root/var/www/html - livenessProbe: - timeoutSeconds: 1 - initialDelaySeconds: 3 - httpGet: - path: /index.html - port: 8080 - volumes: - - name: config - persistentVolumeClaim: - claimName: openshift diff --git a/setup/projects/katrin/vars/katrin.yml b/setup/projects/katrin/vars/katrin.yml deleted file mode 100644 index c825654..0000000 --- a/setup/projects/katrin/vars/katrin.yml +++ /dev/null @@ -1,7 +0,0 @@ -#katrin_openshift_volumes: -#adei_openshift_volumes: - -#volumes: "{{ ands_openshift_volumes | combine (katrin_openshift_volumes, adei_openshift_volumes) }}" -#files: "{{ ands_openshift_files | union([]) }}" -#file_owner: katrin -#file_group: katrin
\ No newline at end of file
diff --git a/setup/projects/katrin/vars/pods.yml b/setup/projects/katrin/vars/pods.yml
deleted file mode 100644
index 1334242..0000000
--- a/setup/projects/katrin/vars/pods.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-# First port is exposed
-
-pods:
- kaas:
- variant: "{{ ands_prefer_docker | default(false) | ternary('docker', 'centos') }}"
- centos:
- service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] }
- sched: { replicas: 1, selector: { master: 1 } }
- selector: { master: 1 }
- images:
- - image: "centos/httpd-24-centos7"
- mappings:
- - { name: "etc", path: "apache2-kaas-centos", mount: "/etc/httpd" }
- - { name: "www", path: "kaas", mount: "/opt/rh/httpd24/root/var/www/html" }
- - { name: "log", path: "apache2-kaas", mount: "/var/log/httpd24" }
- probes:
- - { port: 8080, path: '/index.html' }
- docker:
- service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] }
- sched: { replicas: 1, selector: { master: 1 } }
- selector: { master: 1 }
- images:
- - image: "httpd:2.2"
- mappings:
- - { name: "etc", path: "apache2-kaas-docker", mount: "/usr/local/apache2/conf" }
- - { name: "www", path: "kaas", mount: "/usr/local/apache2/htdocs" }
- - { name: "log", path: "apache2-kaas", mount: "/usr/local/apache2/logs" }
- probes:
- - { port: 8080, path: '/index.html' }
-
-#pods:
-# kaas: "{{ kaas_project_config.pod_variants[ ands_prefer_docker | default(false) | ternary(1, 0) ] }}"
-
-
-
-#oc:
-# - template: "[0-3]*"
-# - template: "[4-6]*"
-# - resource: "route/apache"
-# oc: "expose svc/kaas --name apache --hostname=apache.{{ openshift_master_default_subdomain }}"
-# - template: "*"
-
\ No newline at end of file
diff --git a/setup/projects/katrin/vars/volumes.yml b/setup/projects/katrin/vars/volumes.yml
new file mode 100644
index 0000000..ca22a28
--- /dev/null
+++ b/setup/projects/katrin/vars/volumes.yml
@@ -0,0 +1,11 @@
+gids:
+ katrin: { id: 5000 }
+
+extra_volumes:
+ katrin: { volume: "katrin_data", path: "/", capacity: "40Ti", write: true }
+
+files:
+ - { osv: "katrin", path: "/", state: "directory", group: "katrin", mode: "0775" }
+
+#resync: true
+#sync_set_gid: katrin |
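Review bot: The `files` entry creates the root of the writable `katrin` volume with `mode: "0775"`, which leaves it readable and traversable by every UID that can reach the mount and, lacking the setgid bit, does not make newly created files inherit the `katrin` group. If only members of gid 5000 are meant to use this volume, `mode: "2770"` would express that; this is an inference, because the role that consumes `files` is not visible in this hunk and may handle group inheritance elsewhere (the commented-out `#sync_set_gid: katrin` hints at that). It is also worth confirming that gid 5000 is inside the supplemental-group range the project's pods are allowed to run with, otherwise the group permission on the directory will not apply to them. The two commented-out settings at the end should either be dropped or get a short comment saying when to enable them.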