From e7ed329bd81c2273c03e94c93c9ce9c1d01cdc86 Mon Sep 17 00:00:00 2001 From: "Suren A. Chilingaryan" Date: Sat, 1 Apr 2017 04:53:28 +0200 Subject: Initial import --- setup/configs/labels.yml | 6 + setup/configs/openshift.yml | 12 + setup/configs/secrets.yml | 10 + setup/configs/volumes.yml | 37 ++ .../katrin/files/etc/apache2-kaas/conf.d/README | 9 + .../files/etc/apache2-kaas/conf.d/autoindex.conf | 94 +++++ .../katrin/files/etc/apache2-kaas/conf.d/ssl.conf | 217 ++++++++++++ .../files/etc/apache2-kaas/conf.d/userdir.conf | 36 ++ .../files/etc/apache2-kaas/conf.d/welcome.conf | 18 + .../etc/apache2-kaas/conf.modules.d/00-base.conf | 67 ++++ .../etc/apache2-kaas/conf.modules.d/00-dav.conf | 3 + .../etc/apache2-kaas/conf.modules.d/00-lua.conf | 1 + .../etc/apache2-kaas/conf.modules.d/00-mpm.conf | 19 + .../apache2-kaas/conf.modules.d/00-optional.conf | 20 ++ .../etc/apache2-kaas/conf.modules.d/00-proxy.conf | 16 + .../etc/apache2-kaas/conf.modules.d/00-ssl.conf | 1 + .../apache2-kaas/conf.modules.d/00-systemd.conf | 2 + .../etc/apache2-kaas/conf.modules.d/01-cgi.conf | 14 + .../katrin/files/etc/apache2-kaas/conf/httpd.conf | 353 +++++++++++++++++++ .../katrin/files/etc/apache2-kaas/conf/magic | 385 +++++++++++++++++++++ setup/projects/katrin/files/etc/apache2-kaas/logs | 1 + .../projects/katrin/files/etc/apache2-kaas/modules | 1 + setup/projects/katrin/files/etc/apache2-kaas/run | 1 + setup/projects/katrin/files/www/kaas/index.html | 1 + setup/projects/katrin/keys/kaas.crt | 22 ++ setup/projects/katrin/keys/kaas.key | 90 +++++ .../templates/00-katrin-restricted.yml.j2.excl | 43 +++ setup/projects/katrin/templates/katrin.yml.j2.bk | 135 ++++++++ setup/projects/katrin/vars/globals.yml | 2 + setup/projects/katrin/vars/katrin.yml | 7 + setup/projects/katrin/vars/pods.yml | 22 ++ setup/users/htpasswd | 3 + setup/users/users.yml | 1 + 33 files changed, 1649 insertions(+) create mode 100644 setup/configs/labels.yml create mode 100644 setup/configs/openshift.yml create mode 100644 setup/configs/secrets.yml create mode 100644 setup/configs/volumes.yml create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.d/README create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf create mode 100644 setup/projects/katrin/files/etc/apache2-kaas/conf/magic create mode 120000 setup/projects/katrin/files/etc/apache2-kaas/logs create mode 120000 setup/projects/katrin/files/etc/apache2-kaas/modules create mode 120000 setup/projects/katrin/files/etc/apache2-kaas/run create mode 100644 setup/projects/katrin/files/www/kaas/index.html create mode 100644 setup/projects/katrin/keys/kaas.crt create mode 100644 setup/projects/katrin/keys/kaas.key create mode 100644 setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl create mode 100644 setup/projects/katrin/templates/katrin.yml.j2.bk create mode 100644 setup/projects/katrin/vars/globals.yml create mode 100644 setup/projects/katrin/vars/katrin.yml create mode 100644 setup/projects/katrin/vars/pods.yml create mode 100644 setup/users/htpasswd create mode 120000 setup/users/users.yml (limited to 'setup') diff --git a/setup/configs/labels.yml b/setup/configs/labels.yml new file mode 100644 index 0000000..1c5f19f --- /dev/null +++ b/setup/configs/labels.yml @@ -0,0 +1,6 @@ +--- +ands_openshift_labels: + region: "infra" + zone: "default" + master: "{{ ( 'masters' in group_names ) | ternary(1, 0) }}" + fat_storage: "{{ ( 'storage_nodes' in group_names ) | ternary(1, 0) }}" diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml new file mode 100644 index 0000000..eb3af3e --- /dev/null +++ b/setup/configs/openshift.yml @@ -0,0 +1,12 @@ +--- +ands_openshift_projects: + katrin: KArlsruhe TRItium Neutrino + +ands_openshift_users: + pdv: IPE Administation Account + katrin: KATRIN Project + csa: Suren A. Chilingaryan + +ands_openshift_roles: + cluster-admin: csa, pdv + katrin/admin: katrin diff --git a/setup/configs/secrets.yml b/setup/configs/secrets.yml new file mode 100644 index 0000000..5005be0 --- /dev/null +++ b/setup/configs/secrets.yml @@ -0,0 +1,10 @@ +$ANSIBLE_VAULT;1.1;AES256 +30383738386265633133306363326639656331333736303966633133333661383561373533303966 +6361396564626437656237663035616461656661316265610a306336373231616136393330616632 +39376265346133303332363235303635383239336463633234616261643161643639313732313536 +3264636131353136640a623238663037336261303063313564303665386561643030373064356536 +61633136393138656533336563346635656531376161376639656436343437326538366336643734 +35363464646131316366626234613737366633626166376339313832646239626265333637613261 +32353535356537323533373831396138326239643937623865613731373165393633626331623839 +66323039393136313431383264633731653965386261613336376263396531333862306562313337 +38346465613831613566353233346634373032663537353633643330363136343264 diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml new file mode 100644 index 0000000..2546f1c --- /dev/null +++ b/setup/configs/volumes.yml @@ -0,0 +1,37 @@ +--- +ands_paths: + provision: /mnt/provision + openshift: /mnt/openshift + temporary: /mnt/temporary + +ands_heketi_domain: + servers: "storage_nodes" + volumes: + heketidbstorage: { type: "cfg" } + +ands_storage_domains: + - servers: "ands_storage_servers" + clients: "ands_servers" + volumes: + provision: { type: "cfg", mount: "{{ ands_paths.provision }}" } + - servers: "storage_nodes" + clients: "nodes" + volumes: + openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" } + temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" } +# - ovirt: +# - pdv: + + +# Per project list (to distribute in multiple namespaces later) +ands_openshift_volumes: + etc: { volume: "openshift", path: "/etc" } + src: { volume: "openshift", path: "/src" } + www: { volume: "openshift", path: "/www" } + log: { volume: "temporary", path: "/log", write: true} + tmp: { volume: "temporary", path: "/tmp", write: true} + + +# Global list, we only take things from the volume of project +ands_openshift_files: + - { osv: "etc", path: "apache2-kaas", state: "directory" } diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/README b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/README new file mode 100644 index 0000000..f5e9661 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/README @@ -0,0 +1,9 @@ + +This directory holds configuration files for the Apache HTTP Server; +any files in this directory which have the ".conf" extension will be +processed as httpd configuration files. The directory is used in +addition to the directory /etc/httpd/conf.modules.d/, which contains +configuration files necessary to load modules. + +Files are processed in alphabetical order. + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf new file mode 100644 index 0000000..55f658e --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf @@ -0,0 +1,94 @@ +# +# Directives controlling the display of server-generated directory listings. +# +# Required modules: mod_authz_core, mod_authz_host, +# mod_autoindex, mod_alias +# +# To see the listing of a directory, the Options directive for the +# directory must include "Indexes", and the directory must not contain +# a file matching those listed in the DirectoryIndex directive. +# + +# +# IndexOptions: Controls the appearance of server-generated directory +# listings. +# +IndexOptions FancyIndexing HTMLTable VersionSort + +# We include the /icons/ alias for FancyIndexed directory listings. If +# you do not use FancyIndexing, you may comment this out. +# +Alias /icons/ "/opt/rh/httpd24/root/usr/share/httpd/icons/" + + + Options Indexes MultiViews FollowSymlinks + AllowOverride None + Require all granted + + +# +# AddIcon* directives tell the server which icon to show for different +# files or filename extensions. These are only displayed for +# FancyIndexed directories. +# +AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip + +AddIconByType (TXT,/icons/text.gif) text/* +AddIconByType (IMG,/icons/image2.gif) image/* +AddIconByType (SND,/icons/sound2.gif) audio/* +AddIconByType (VID,/icons/movie.gif) video/* + +AddIcon /icons/binary.gif .bin .exe +AddIcon /icons/binhex.gif .hqx +AddIcon /icons/tar.gif .tar +AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv +AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip +AddIcon /icons/a.gif .ps .ai .eps +AddIcon /icons/layout.gif .html .shtml .htm .pdf +AddIcon /icons/text.gif .txt +AddIcon /icons/c.gif .c +AddIcon /icons/p.gif .pl .py +AddIcon /icons/f.gif .for +AddIcon /icons/dvi.gif .dvi +AddIcon /icons/uuencoded.gif .uu +AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl +AddIcon /icons/tex.gif .tex +AddIcon /icons/bomb.gif /core +AddIcon /icons/bomb.gif */core.* + +AddIcon /icons/back.gif .. +AddIcon /icons/hand.right.gif README +AddIcon /icons/folder.gif ^^DIRECTORY^^ +AddIcon /icons/blank.gif ^^BLANKICON^^ + +# +# DefaultIcon is which icon to show for files which do not have an icon +# explicitly set. +# +DefaultIcon /icons/unknown.gif + +# +# AddDescription allows you to place a short description after a file in +# server-generated indexes. These are only displayed for FancyIndexed +# directories. +# Format: AddDescription "description" filename +# +#AddDescription "GZIP compressed document" .gz +#AddDescription "tar archive" .tar +#AddDescription "GZIP compressed tar archive" .tgz + +# +# ReadmeName is the name of the README file the server will look for by +# default, and append to directory listings. +# +# HeaderName is the name of a file which should be prepended to +# directory indexes. +ReadmeName README.html +HeaderName HEADER.html + +# +# IndexIgnore is a set of filenames which directory indexing should ignore +# and not include in the listing. Shell-style wildcarding is permitted. +# +IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf new file mode 100644 index 0000000..a70324b --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf @@ -0,0 +1,217 @@ +# +# When we also provide SSL we have to listen to the +# the HTTPS port in addition. +# +Listen 0.0.0.0:8443 https + +## +## SSL Global Context +## +## All SSL configuration in this context applies both to +## the main server and all SSL-enabled virtual hosts. +## + +# Pass Phrase Dialog: +# Configure the pass phrase gathering process. +# The filtering dialog program (`builtin' is a internal +# terminal dialog) has to provide the pass phrase on stdout. +SSLPassPhraseDialog builtin + +# Inter-Process Session Cache: +# Configure the SSL Session Cache: First the mechanism +# to use and second the expiring timeout (in seconds). +SSLSessionCache shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000) +SSLSessionCacheTimeout 300 + +# Pseudo Random Number Generator (PRNG): +# Configure one or more sources to seed the PRNG of the +# SSL library. The seed data should be of good random quality. +# WARNING! On some platforms /dev/random blocks if not enough entropy +# is available. This means you then cannot use the /dev/random device +# because it would lead to very long connection times (as long as +# it requires to make more entropy available). But usually those +# platforms additionally provide a /dev/urandom device which doesn't +# block. So, if available, use this one instead. Read the mod_ssl User +# Manual for more details. +SSLRandomSeed startup file:/dev/urandom 256 +SSLRandomSeed connect builtin +#SSLRandomSeed startup file:/dev/random 512 +#SSLRandomSeed connect file:/dev/random 512 +#SSLRandomSeed connect file:/dev/urandom 512 + +# +# Use "SSLCryptoDevice" to enable any supported hardware +# accelerators. Use "openssl engine -v" to list supported +# engine names. NOTE: If you enable an accelerator and the +# server does not start, consult the error logs and ensure +# your accelerator is functioning properly. +# +SSLCryptoDevice builtin +#SSLCryptoDevice ubsec + +## +## SSL Virtual Host Context +## + + + +# General setup for the virtual host, inherited from global configuration +#DocumentRoot "/var/www/html" +#ServerName www.example.com:8443 + +# Use separate log files for the SSL virtual host; note that LogLevel +# is not inherited from httpd.conf. +ErrorLog |/usr/bin/cat +TransferLog |/usr/bin/cat +LogLevel warn + +# SSL Engine Switch: +# Enable/Disable SSL for this virtual host. +SSLEngine on + +# SSL Protocol support: +# List the enable protocol levels with which clients will be able to +# connect. Disable SSLv2 access by default: +SSLProtocol all -SSLv2 + +# SSL Cipher Suite: +# List the ciphers that the client is permitted to negotiate. +# See the mod_ssl documentation for a complete list. +SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 + +# Speed-optimized SSL Cipher configuration: +# If speed is your main concern (on busy HTTPS servers e.g.), +# you might want to force clients to specific, performance +# optimized ciphers. In this case, prepend those ciphers +# to the SSLCipherSuite list, and enable SSLHonorCipherOrder. +# Caveat: by giving precedence to RC4-SHA and AES128-SHA +# (as in the example below), most connections will no longer +# have perfect forward secrecy - if the server's key is +# compromised, captures of past or future traffic must be +# considered compromised, too. +#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 +#SSLHonorCipherOrder on + +# Server Certificate: +# Point SSLCertificateFile at a PEM encoded certificate. If +# the certificate is encrypted, then you will be prompted for a +# pass phrase. Note that a kill -HUP will prompt again. A new +# certificate can be generated using the genkey(1) command. +SSLCertificateFile /etc/pki/tls/certs/localhost.crt + +# Server Private Key: +# If the key is not combined with the certificate, use this +# directive to point at the key file. Keep in mind that if +# you've both a RSA and a DSA private key you can configure +# both in parallel (to also allow the use of DSA ciphers, etc.) +SSLCertificateKeyFile /etc/pki/tls/private/localhost.key + +# Server Certificate Chain: +# Point SSLCertificateChainFile at a file containing the +# concatenation of PEM encoded CA certificates which form the +# certificate chain for the server certificate. Alternatively +# the referenced file can be the same as SSLCertificateFile +# when the CA certificates are directly appended to the server +# certificate for convinience. +#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt + +# Certificate Authority (CA): +# Set the CA certificate verification path where to find CA +# certificates for client authentication or alternatively one +# huge file containing all of them (file must be PEM encoded) +#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt + +# Client Authentication (Type): +# Client certificate verification type and depth. Types are +# none, optional, require and optional_no_ca. Depth is a +# number which specifies how deeply to verify the certificate +# issuer chain before deciding the certificate is not valid. +#SSLVerifyClient require +#SSLVerifyDepth 10 + +# Access Control: +# With SSLRequire you can do per-directory access control based +# on arbitrary complex boolean expressions containing server +# variable checks and other lookup directives. The syntax is a +# mixture between C and Perl. See the mod_ssl documentation +# for more details. +# +#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ +# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ +# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ +# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ +# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ +# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ +# + +# SSL Engine Options: +# Set various options for the SSL engine. +# o FakeBasicAuth: +# Translate the client X.509 into a Basic Authorisation. This means that +# the standard Auth/DBMAuth methods can be used for access control. The +# user name is the `one line' version of the client's X.509 certificate. +# Note that no password is obtained from the user. Every entry in the user +# file needs this password: `xxj31ZMTZzkVA'. +# o ExportCertData: +# This exports two additional environment variables: SSL_CLIENT_CERT and +# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the +# server (always existing) and the client (only existing when client +# authentication is used). This can be used to import the certificates +# into CGI scripts. +# o StdEnvVars: +# This exports the standard SSL/TLS related `SSL_*' environment variables. +# Per default this exportation is switched off for performance reasons, +# because the extraction step is an expensive operation and is usually +# useless for serving static content. So one usually enables the +# exportation for CGI and SSI requests only. +# o StrictRequire: +# This denies access when "SSLRequireSSL" or "SSLRequire" applied even +# under a "Satisfy any" situation, i.e. when it applies access is denied +# and no other module can change it. +# o OptRenegotiate: +# This enables optimized SSL connection renegotiation handling when SSL +# directives are used in per-directory context. +#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire + + SSLOptions +StdEnvVars + + + SSLOptions +StdEnvVars + + +# SSL Protocol Adjustments: +# The safe and default but still SSL/TLS standard compliant shutdown +# approach is that mod_ssl sends the close notify alert but doesn't wait for +# the close notify alert from client. When you need a different shutdown +# approach you can use one of the following variables: +# o ssl-unclean-shutdown: +# This forces an unclean shutdown when the connection is closed, i.e. no +# SSL close notify alert is send or allowed to received. This violates +# the SSL/TLS standard but is needed for some brain-dead browsers. Use +# this when you receive I/O errors because of the standard approach where +# mod_ssl sends the close notify alert. +# o ssl-accurate-shutdown: +# This forces an accurate shutdown when the connection is closed, i.e. a +# SSL close notify alert is send and mod_ssl waits for the close notify +# alert of the client. This is 100% SSL/TLS standard compliant, but in +# practice often causes hanging connections with brain-dead browsers. Use +# this only for browsers where you know that their SSL implementation +# works correctly. +# Notice: Most problems of broken clients are also related to the HTTP +# keep-alive facility, so you usually additionally want to disable +# keep-alive for those clients, too. Use variable "nokeepalive" for this. +# Similarly, one has to force some clients to use HTTP/1.0 to workaround +# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and +# "force-response-1.0" for this. +BrowserMatch "MSIE [2-5]" \ + nokeepalive ssl-unclean-shutdown \ + downgrade-1.0 force-response-1.0 + +# Per-Server Logging: +# The home of a custom SSL log file. Use this when you want a +# compact non-error SSL logfile on a virtual host basis. +CustomLog |/usr/bin/cat \ + "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" + + + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf new file mode 100644 index 0000000..b5d7a49 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf @@ -0,0 +1,36 @@ +# +# UserDir: The name of the directory that is appended onto a user's home +# directory if a ~user request is received. +# +# The path to the end user account 'public_html' directory must be +# accessible to the webserver userid. This usually means that ~userid +# must have permissions of 711, ~userid/public_html must have permissions +# of 755, and documents contained therein must be world-readable. +# Otherwise, the client will only receive a "403 Forbidden" message. +# + + # + # UserDir is disabled by default since it can confirm the presence + # of a username on the system (depending on home directory + # permissions). + # + UserDir disabled + + # + # To enable requests to /~user/ to serve the user's public_html + # directory, remove the "UserDir disabled" line above, and uncomment + # the following line instead: + # + #UserDir public_html + + +# +# Control access to UserDir directories. The following is an example +# for a site where these directories are restricted to read-only. +# + + AllowOverride FileInfo AuthConfig Limit Indexes + Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec + Require method GET POST OPTIONS + + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf new file mode 100644 index 0000000..34b4b72 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf @@ -0,0 +1,18 @@ +# +# This configuration file enables the default "Welcome" page if there +# is no default index page present for the root URL. To disable the +# Welcome page, comment out all the lines below. +# +# NOTE: if this file is removed, it will be restored on upgrades. +# + + Options -Indexes + ErrorDocument 403 /.noindex.html + + + + AllowOverride None + Require all granted + + +Alias /.noindex.html /opt/rh/httpd24/root/usr/share/httpd/noindex/index.html diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf new file mode 100644 index 0000000..c109de6 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf @@ -0,0 +1,67 @@ +# +# This file loads most of the modules included with the Apache HTTP +# Server itself. +# + +LoadModule access_compat_module modules/mod_access_compat.so +LoadModule actions_module modules/mod_actions.so +LoadModule alias_module modules/mod_alias.so +LoadModule allowmethods_module modules/mod_allowmethods.so +LoadModule auth_basic_module modules/mod_auth_basic.so +LoadModule auth_digest_module modules/mod_auth_digest.so +LoadModule authn_anon_module modules/mod_authn_anon.so +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authn_dbd_module modules/mod_authn_dbd.so +LoadModule authn_dbm_module modules/mod_authn_dbm.so +LoadModule authn_file_module modules/mod_authn_file.so +LoadModule authn_socache_module modules/mod_authn_socache.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule authz_dbd_module modules/mod_authz_dbd.so +LoadModule authz_dbm_module modules/mod_authz_dbm.so +LoadModule authz_groupfile_module modules/mod_authz_groupfile.so +LoadModule authz_host_module modules/mod_authz_host.so +LoadModule authz_owner_module modules/mod_authz_owner.so +LoadModule authz_user_module modules/mod_authz_user.so +LoadModule autoindex_module modules/mod_autoindex.so +LoadModule cache_module modules/mod_cache.so +LoadModule cache_disk_module modules/mod_cache_disk.so +LoadModule cache_socache_module modules/mod_cache_socache.so +LoadModule data_module modules/mod_data.so +LoadModule dbd_module modules/mod_dbd.so +LoadModule deflate_module modules/mod_deflate.so +LoadModule dir_module modules/mod_dir.so +LoadModule dumpio_module modules/mod_dumpio.so +LoadModule echo_module modules/mod_echo.so +LoadModule env_module modules/mod_env.so +LoadModule expires_module modules/mod_expires.so +LoadModule ext_filter_module modules/mod_ext_filter.so +LoadModule filter_module modules/mod_filter.so +LoadModule headers_module modules/mod_headers.so +LoadModule http2_module modules/mod_http2.so +LoadModule include_module modules/mod_include.so +LoadModule info_module modules/mod_info.so +LoadModule log_config_module modules/mod_log_config.so +LoadModule logio_module modules/mod_logio.so +LoadModule macro_module modules/mod_macro.so +LoadModule mime_magic_module modules/mod_mime_magic.so +LoadModule mime_module modules/mod_mime.so +LoadModule negotiation_module modules/mod_negotiation.so +LoadModule remoteip_module modules/mod_remoteip.so +LoadModule reqtimeout_module modules/mod_reqtimeout.so +LoadModule request_module modules/mod_request.so +LoadModule rewrite_module modules/mod_rewrite.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule slotmem_plain_module modules/mod_slotmem_plain.so +LoadModule slotmem_shm_module modules/mod_slotmem_shm.so +LoadModule socache_dbm_module modules/mod_socache_dbm.so +LoadModule socache_memcache_module modules/mod_socache_memcache.so +LoadModule socache_shmcb_module modules/mod_socache_shmcb.so +LoadModule status_module modules/mod_status.so +LoadModule substitute_module modules/mod_substitute.so +LoadModule suexec_module modules/mod_suexec.so +LoadModule unique_id_module modules/mod_unique_id.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule userdir_module modules/mod_userdir.so +LoadModule version_module modules/mod_version.so +LoadModule vhost_alias_module modules/mod_vhost_alias.so + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf new file mode 100644 index 0000000..e6af8de --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf @@ -0,0 +1,3 @@ +LoadModule dav_module modules/mod_dav.so +LoadModule dav_fs_module modules/mod_dav_fs.so +LoadModule dav_lock_module modules/mod_dav_lock.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf new file mode 100644 index 0000000..9e0d0db --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf @@ -0,0 +1 @@ +LoadModule lua_module modules/mod_lua.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf new file mode 100644 index 0000000..7bfd1d4 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf @@ -0,0 +1,19 @@ +# Select the MPM module which should be used by uncommenting exactly +# one of the following LoadModule lines: + +# prefork MPM: Implements a non-threaded, pre-forking web server +# See: http://httpd.apache.org/docs/2.4/mod/prefork.html +LoadModule mpm_prefork_module modules/mod_mpm_prefork.so + +# worker MPM: Multi-Processing Module implementing a hybrid +# multi-threaded multi-process web server +# See: http://httpd.apache.org/docs/2.4/mod/worker.html +# +#LoadModule mpm_worker_module modules/mod_mpm_worker.so + +# event MPM: A variant of the worker MPM with the goal of consuming +# threads only for connections with active processing +# See: http://httpd.apache.org/docs/2.4/mod/event.html +# +#LoadModule mpm_event_module modules/mod_mpm_event.so + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf new file mode 100644 index 0000000..70bda5e --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf @@ -0,0 +1,20 @@ +# +# This file lists modules included with the Apache HTTP Server +# which are not enabled by default. +# + +#LoadModule asis_module modules/mod_asis.so +#LoadModule buffer_module modules/mod_buffer.so +#LoadModule file_cache_module modules/mod_file_cache.so +#LoadModule watchdog_module modules/mod_watchdog.so +#LoadModule heartbeat_module modules/mod_heartbeat.so +#LoadModule heartmonitor_module modules/mod_heartmonitor.so +#LoadModule usertrack_module modules/mod_usertrack.so +#LoadModule dialup_module modules/mod_dialup.so +#LoadModule charset_lite_module modules/mod_charset_lite.so +#LoadModule log_debug_module modules/mod_log_debug.so +#LoadModule log_forensic_module modules/mod_log_forensic.so +#LoadModule ratelimit_module modules/mod_ratelimit.so +#LoadModule reflector_module modules/mod_reflector.so +#LoadModule sed_module modules/mod_sed.so +#LoadModule speling_module modules/mod_speling.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf new file mode 100644 index 0000000..cc0bca0 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf @@ -0,0 +1,16 @@ +# This file configures all the proxy modules: +LoadModule proxy_module modules/mod_proxy.so +LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so +LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so +LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so +LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so +LoadModule proxy_ajp_module modules/mod_proxy_ajp.so +LoadModule proxy_balancer_module modules/mod_proxy_balancer.so +LoadModule proxy_connect_module modules/mod_proxy_connect.so +LoadModule proxy_express_module modules/mod_proxy_express.so +LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so +LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so +LoadModule proxy_ftp_module modules/mod_proxy_ftp.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_scgi_module modules/mod_proxy_scgi.so +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf new file mode 100644 index 0000000..53235cd --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf @@ -0,0 +1 @@ +LoadModule ssl_module modules/mod_ssl.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf new file mode 100644 index 0000000..b208c97 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf @@ -0,0 +1,2 @@ +# This file configures systemd module: +LoadModule systemd_module modules/mod_systemd.so diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf new file mode 100644 index 0000000..5b8b936 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf @@ -0,0 +1,14 @@ +# This configuration file loads a CGI module appropriate to the MPM +# which has been configured in 00-mpm.conf. mod_cgid should be used +# with a threaded MPM; mod_cgi with the prefork MPM. + + + LoadModule cgid_module modules/mod_cgid.so + + + LoadModule cgid_module modules/mod_cgid.so + + + LoadModule cgi_module modules/mod_cgi.so + + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf new file mode 100644 index 0000000..88fcb97 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf @@ -0,0 +1,353 @@ +# +# This is the main Apache HTTP server configuration file. It contains the +# configuration directives that give the server its instructions. +# See for detailed information. +# In particular, see +# +# for a discussion of each configuration directive. +# +# Do NOT simply read the instructions in here without understanding +# what they do. They're here only as hints or reminders. If you are unsure +# consult the online docs. You have been warned. +# +# Configuration and logfile names: If the filenames you specify for many +# of the server's control files begin with "/" (or "drive:/" for Win32), the +# server will use that explicit path. If the filenames do *not* begin +# with "/", the value of ServerRoot is prepended -- so 'log/access_log' +# with ServerRoot set to '/www' will be interpreted by the +# server as '/www/log/access_log', where as '/log/access_log' will be +# interpreted as '/log/access_log'. + +# +# ServerRoot: The top of the directory tree under which the server's +# configuration, error, and log files are kept. +# +# Do not add a slash at the end of the directory path. If you point +# ServerRoot at a non-local disk, be sure to specify a local disk on the +# Mutex directive, if file-based mutexes are used. If you wish to share the +# same ServerRoot for multiple httpd daemons, you will need to change at +# least PidFile. +# +ServerRoot "/opt/rh/httpd24/root/etc/httpd" + +# +# Listen: Allows you to bind Apache to specific IP addresses and/or +# ports, instead of the default. See also the +# directive. +# +# Change this to Listen on specific IP addresses as shown below to +# prevent Apache from glomming onto all bound IP addresses. +# +#Listen 12.34.56.78:80 +Listen 0.0.0.0:8080 + +# +# Dynamic Shared Object (DSO) Support +# +# To be able to use the functionality of a module which was built as a DSO you +# have to place corresponding `LoadModule' lines at this location so the +# directives contained in it are actually available _before_ they are used. +# Statically compiled modules (those listed by `httpd -l') do not need +# to be loaded here. +# +# Example: +# LoadModule foo_module modules/mod_foo.so +# +Include conf.modules.d/*.conf + +# +# If you wish httpd to run as a different user or group, you must run +# httpd as root initially and it will switch. +# +# User/Group: The name (or #number) of the user/group to run httpd as. +# It is usually good practice to create a dedicated user and group for +# running httpd, as with most system services. +# +User default +Group root + +# 'Main' server configuration +# +# The directives in this section set up the values used by the 'main' +# server, which responds to any requests that aren't handled by a +# definition. These values also provide defaults for +# any containers you may define later in the file. +# +# All of these directives may appear inside containers, +# in which case these default settings will be overridden for the +# virtual host being defined. +# + +# +# ServerAdmin: Your address, where problems with the server should be +# e-mailed. This address appears on some server-generated pages, such +# as error documents. e.g. admin@your-domain.com +# +ServerAdmin root@localhost + +# +# ServerName gives the name and port that the server uses to identify itself. +# This can often be determined automatically, but we recommend you specify +# it explicitly to prevent problems during startup. +# +# If your host doesn't have a registered DNS name, enter its IP address here. +# +#ServerName www.example.com:80 + +# +# Deny access to the entirety of your server's filesystem. You must +# explicitly permit access to web content directories in other +# blocks below. +# + + AllowOverride none + Require all denied + + +# +# Note that from this point forward you must specifically allow +# particular features to be enabled - so if something's not working as +# you might expect, make sure that you have specifically enabled it +# below. +# + +# +# DocumentRoot: The directory out of which you will serve your +# documents. By default, all requests are taken from this directory, but +# symbolic links and aliases may be used to point to other locations. +# +DocumentRoot "/opt/rh/httpd24/root/var/www/html" + +# +# Relax access to content within /opt/rh/httpd24/root/var/www. +# + + AllowOverride None + # Allow open access: + Require all granted + + +# Further relax access to the default document root: + + # + # Possible values for the Options directive are "None", "All", + # or any combination of: + # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews + # + # Note that "MultiViews" must be named *explicitly* --- "Options All" + # doesn't give it to you. + # + # The Options directive is both complicated and important. Please see + # http://httpd.apache.org/docs/2.4/mod/core.html#options + # for more information. + # + Options Indexes FollowSymLinks + + # + # AllowOverride controls what directives may be placed in .htaccess files. + # It can be "All", "None", or any combination of the keywords: + # Options FileInfo AuthConfig Limit + # + AllowOverride All + + # + # Controls who can get stuff from this server. + # + Require all granted + + +# +# DirectoryIndex: sets the file that Apache will serve if a directory +# is requested. +# + + DirectoryIndex index.html + + +# +# The following lines prevent .htaccess and .htpasswd files from being +# viewed by Web clients. +# + + Require all denied + + +# +# ErrorLog: The location of the error log file. +# If you do not specify an ErrorLog directive within a +# container, error messages relating to that virtual host will be +# logged here. If you *do* define an error logfile for a +# container, that host's errors will be logged there and not here. +# +ErrorLog |/usr/bin/cat + +# +# LogLevel: Control the number of messages logged to the error_log. +# Possible values include: debug, info, notice, warn, error, crit, +# alert, emerg. +# +LogLevel warn + + + # + # The following directives define some format nicknames for use with + # a CustomLog directive (see below). + # + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined + LogFormat "%h %l %u %t \"%r\" %>s %b" common + + + # You need to enable mod_logio.c to use %I and %O + LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio + + + # + # The location and format of the access logfile (Common Logfile Format). + # If you do not define any access logfiles within a + # container, they will be logged here. Contrariwise, if you *do* + # define per- access logfiles, transactions will be + # logged therein and *not* in this file. + # + #CustomLog "logs/access_log" common + + # + # If you prefer a logfile with access, agent, and referer information + # (Combined Logfile Format) you can use the following directive. + # + CustomLog |/usr/bin/cat combined + + + + # + # Redirect: Allows you to tell clients about documents that used to + # exist in your server's namespace, but do not anymore. The client + # will make a new request for the document at its new location. + # Example: + # Redirect permanent /foo http://www.example.com/bar + + # + # Alias: Maps web paths into filesystem paths and is used to + # access content that does not live under the DocumentRoot. + # Example: + # Alias /webpath /full/filesystem/path + # + # If you include a trailing / on /webpath then the server will + # require it to be present in the URL. You will also likely + # need to provide a section to allow access to + # the filesystem path. + + # + # ScriptAlias: This controls which directories contain server scripts. + # ScriptAliases are essentially the same as Aliases, except that + # documents in the target directory are treated as applications and + # run by the server when requested rather than as documents sent to the + # client. The same rules about trailing "/" apply to ScriptAlias + # directives as to Alias. + # + ScriptAlias /cgi-bin/ "/opt/rh/httpd24/root/var/www/cgi-bin/" + + + +# +# "/opt/rh/httpd24/root/var/www/cgi-bin" should be changed to whatever your ScriptAliased +# CGI directory exists, if you have that configured. +# + + AllowOverride None + Options None + Require all granted + + + + # + # TypesConfig points to the file containing the list of mappings from + # filename extension to MIME-type. + # + TypesConfig /etc/mime.types + + # + # AddType allows you to add to or override the MIME configuration + # file specified in TypesConfig for specific file types. + # + #AddType application/x-gzip .tgz + # + # AddEncoding allows you to have certain browsers uncompress + # information on the fly. Note: Not all browsers support this. + # + #AddEncoding x-compress .Z + #AddEncoding x-gzip .gz .tgz + # + # If the AddEncoding directives above are commented-out, then you + # probably should define those extensions to indicate media types: + # + AddType application/x-compress .Z + AddType application/x-gzip .gz .tgz + + # + # AddHandler allows you to map certain file extensions to "handlers": + # actions unrelated to filetype. These can be either built into the server + # or added with the Action directive (see below) + # + # To use CGI scripts outside of ScriptAliased directories: + # (You will also need to add "ExecCGI" to the "Options" directive.) + # + #AddHandler cgi-script .cgi + + # For type maps (negotiated resources): + #AddHandler type-map var + + # + # Filters allow you to process content before it is sent to the client. + # + # To parse .shtml files for server-side includes (SSI): + # (You will also need to add "Includes" to the "Options" directive.) + # + AddType text/html .shtml + AddOutputFilter INCLUDES .shtml + + +# +# Specify a default charset for all content served; this enables +# interpretation of all content as UTF-8 by default. To use the +# default browser choice (ISO-8859-1), or to allow the META tags +# in HTML content to override this choice, comment out this +# directive: +# +AddDefaultCharset UTF-8 + + + # + # The mod_mime_magic module allows the server to use various hints from the + # contents of the file itself to determine its type. The MIMEMagicFile + # directive tells the module where the hint definitions are located. + # + MIMEMagicFile conf/magic + + +# +# Customizable error responses come in three flavors: +# 1) plain text 2) local redirects 3) external redirects +# +# Some examples: +#ErrorDocument 500 "The server made a boo boo." +#ErrorDocument 404 /missing.html +#ErrorDocument 404 "/cgi-bin/missing_handler.pl" +#ErrorDocument 402 http://www.example.com/subscription_info.html +# + +# +# EnableMMAP and EnableSendfile: On systems that support it, +# memory-mapping or the sendfile syscall may be used to deliver +# files. This usually improves server performance, but must +# be turned off when serving from networked-mounted +# filesystems or if support for these functions is otherwise +# broken on your system. +# Defaults if commented: EnableMMAP On, EnableSendfile Off +# +#EnableMMAP off +EnableSendfile on + +# Supplemental configuration +# +# Load config files in the "/etc/httpd/conf.d" directory, if any. +IncludeOptional conf.d/*.conf diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf/magic b/setup/projects/katrin/files/etc/apache2-kaas/conf/magic new file mode 100644 index 0000000..7c56119 --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/conf/magic @@ -0,0 +1,385 @@ +# Magic data for mod_mime_magic Apache module (originally for file(1) command) +# The module is described in /manual/mod/mod_mime_magic.html +# +# The format is 4-5 columns: +# Column #1: byte number to begin checking from, ">" indicates continuation +# Column #2: type of data to match +# Column #3: contents of data to match +# Column #4: MIME type of result +# Column #5: MIME encoding of result (optional) + +#------------------------------------------------------------------------------ +# Localstuff: file(1) magic for locally observed files +# Add any locally observed files here. + +#------------------------------------------------------------------------------ +# end local stuff +#------------------------------------------------------------------------------ + +#------------------------------------------------------------------------------ +# Java + +0 short 0xcafe +>2 short 0xbabe application/java + +#------------------------------------------------------------------------------ +# audio: file(1) magic for sound formats +# +# from Jan Nicolai Langfeldt , +# + +# Sun/NeXT audio data +0 string .snd +>12 belong 1 audio/basic +>12 belong 2 audio/basic +>12 belong 3 audio/basic +>12 belong 4 audio/basic +>12 belong 5 audio/basic +>12 belong 6 audio/basic +>12 belong 7 audio/basic + +>12 belong 23 audio/x-adpcm + +# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format +# that uses little-endian encoding and has a different magic number +# (0x0064732E in little-endian encoding). +0 lelong 0x0064732E +>12 lelong 1 audio/x-dec-basic +>12 lelong 2 audio/x-dec-basic +>12 lelong 3 audio/x-dec-basic +>12 lelong 4 audio/x-dec-basic +>12 lelong 5 audio/x-dec-basic +>12 lelong 6 audio/x-dec-basic +>12 lelong 7 audio/x-dec-basic +# compressed (G.721 ADPCM) +>12 lelong 23 audio/x-dec-adpcm + +# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" +# AIFF audio data +8 string AIFF audio/x-aiff +# AIFF-C audio data +8 string AIFC audio/x-aiff +# IFF/8SVX audio data +8 string 8SVX audio/x-aiff + +# Creative Labs AUDIO stuff +# Standard MIDI data +0 string MThd audio/unknown +#>9 byte >0 (format %d) +#>11 byte >1 using %d channels +# Creative Music (CMF) data +0 string CTMF audio/unknown +# SoundBlaster instrument data +0 string SBI audio/unknown +# Creative Labs voice data +0 string Creative\ Voice\ File audio/unknown +## is this next line right? it came this way... +#>19 byte 0x1A +#>23 byte >0 - version %d +#>22 byte >0 \b.%d + +# [GRR 950115: is this also Creative Labs? Guessing that first line +# should be string instead of unknown-endian long...] +#0 long 0x4e54524b MultiTrack sound data +#0 string NTRK MultiTrack sound data +#>4 long x - version %ld + +# Microsoft WAVE format (*.wav) +# [GRR 950115: probably all of the shorts and longs should be leshort/lelong] +# Microsoft RIFF +0 string RIFF audio/unknown +# - WAVE format +>8 string WAVE audio/x-wav +# MPEG audio. +0 beshort&0xfff0 0xfff0 audio/mpeg +# C64 SID Music files, from Linus Walleij +0 string PSID audio/prs.sid + +#------------------------------------------------------------------------------ +# c-lang: file(1) magic for C programs or various scripts +# + +# XPM icons (Greg Roelofs, newt@uchicago.edu) +# ideally should go into "images", but entries below would tag XPM as C source +0 string /*\ XPM image/x-xbm 7bit + +# this first will upset you if you're a PL/1 shop... (are there any left?) +# in which case rm it; ascmagic will catch real C programs +# C or REXX program text +0 string /* text/plain +# C++ program text +0 string // text/plain + +#------------------------------------------------------------------------------ +# compress: file(1) magic for pure-compression formats (no archives) +# +# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. +# +# Formats for various forms of compressed data +# Formats for "compress" proper have been moved into "compress.c", +# because it tries to uncompress it to figure out what's inside. + +# standard unix compress +0 string \037\235 application/octet-stream x-compress + +# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) +0 string \037\213 application/octet-stream x-gzip + +# According to gzip.h, this is the correct byte order for packed data. +0 string \037\036 application/octet-stream +# +# This magic number is byte-order-independent. +# +0 short 017437 application/octet-stream + +# XXX - why *two* entries for "compacted data", one of which is +# byte-order independent, and one of which is byte-order dependent? +# +# compacted data +0 short 0x1fff application/octet-stream +0 string \377\037 application/octet-stream +# huf output +0 short 0145405 application/octet-stream + +# Squeeze and Crunch... +# These numbers were gleaned from the Unix versions of the programs to +# handle these formats. Note that I can only uncrunch, not crunch, and +# I didn't have a crunched file handy, so the crunch number is untested. +# Keith Waclena +#0 leshort 0x76FF squeezed data (CP/M, DOS) +#0 leshort 0x76FE crunched data (CP/M, DOS) + +# Freeze +#0 string \037\237 Frozen file 2.1 +#0 string \037\236 Frozen file 1.0 (or gzip 0.5) + +# lzh? +#0 string \037\240 LZH compressed data + +#------------------------------------------------------------------------------ +# frame: file(1) magic for FrameMaker files +# +# This stuff came on a FrameMaker demo tape, most of which is +# copyright, but this file is "published" as witness the following: +# +0 string \ +# and Anna Shergold +# +0 string \ +0 string \14 byte 12 (OS/2 1.x format) +#>14 byte 64 (OS/2 2.x format) +#>14 byte 40 (Windows 3.x format) +#0 string IC icon +#0 string PI pointer +#0 string CI color icon +#0 string CP color pointer +#0 string BA bitmap array + +0 string \x89PNG image/png +0 string FWS application/x-shockwave-flash +0 string CWS application/x-shockwave-flash + +#------------------------------------------------------------------------------ +# lisp: file(1) magic for lisp programs +# +# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) +0 string ;; text/plain 8bit +# Emacs 18 - this is always correct, but not very magical. +0 string \012( application/x-elc +# Emacs 19 +0 string ;ELC\023\000\000\000 application/x-elc + +#------------------------------------------------------------------------------ +# mail.news: file(1) magic for mail and news +# +# There are tests to ascmagic.c to cope with mail and news. +0 string Relay-Version: message/rfc822 7bit +0 string #!\ rnews message/rfc822 7bit +0 string N#!\ rnews message/rfc822 7bit +0 string Forward\ to message/rfc822 7bit +0 string Pipe\ to message/rfc822 7bit +0 string Return-Path: message/rfc822 7bit +0 string Path: message/news 8bit +0 string Xref: message/news 8bit +0 string From: message/rfc822 7bit +0 string Article message/news 8bit +#------------------------------------------------------------------------------ +# msword: file(1) magic for MS Word files +# +# Contributor claims: +# Reversed-engineered MS Word magic numbers +# + +0 string \376\067\0\043 application/msword +0 string \333\245-\0\0\0 application/msword + +# disable this one because it applies also to other +# Office/OLE documents for which msword is not correct. See PR#2608. +#0 string \320\317\021\340\241\261 application/msword + + + +#------------------------------------------------------------------------------ +# printer: file(1) magic for printer-formatted files +# + +# PostScript +0 string %! application/postscript +0 string \004%! application/postscript + +# Acrobat +# (due to clamen@cs.cmu.edu) +0 string %PDF- application/pdf + +#------------------------------------------------------------------------------ +# sc: file(1) magic for "sc" spreadsheet +# +38 string Spreadsheet application/x-sc + +#------------------------------------------------------------------------------ +# tex: file(1) magic for TeX files +# +# XXX - needs byte-endian stuff (big-endian and little-endian DVI?) +# +# From + +# Although we may know the offset of certain text fields in TeX DVI +# and font files, we can't use them reliably because they are not +# zero terminated. [but we do anyway, christos] +0 string \367\002 application/x-dvi +#0 string \367\203 TeX generic font data +#0 string \367\131 TeX packed font data +#0 string \367\312 TeX virtual font data +#0 string This\ is\ TeX, TeX transcript text +#0 string This\ is\ METAFONT, METAFONT transcript text + +# There is no way to detect TeX Font Metric (*.tfm) files without +# breaking them apart and reading the data. The following patterns +# match most *.tfm files generated by METAFONT or afm2tfm. +#2 string \000\021 TeX font metric data +#2 string \000\022 TeX font metric data +#>34 string >\0 (%s) + +# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) +#0 string \\input\ texinfo Texinfo source text +#0 string This\ is\ Info\ file GNU Info text + +# correct TeX magic for Linux (and maybe more) +# from Peter Tobias (tobias@server.et-inf.fho-emden.de) +# +0 leshort 0x02f7 application/x-dvi + +# RTF - Rich Text Format +0 string {\\rtf application/rtf + +#------------------------------------------------------------------------------ +# animation: file(1) magic for animation/movie formats +# +# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) +# MPEG file +0 string \000\000\001\263 video/mpeg +# +# The contributor claims: +# I couldn't find a real magic number for these, however, this +# -appears- to work. Note that it might catch other files, too, +# so BE CAREFUL! +# +# Note that title and author appear in the two 20-byte chunks +# at decimal offsets 2 and 22, respectively, but they are XOR'ed with +# 255 (hex FF)! DL format SUCKS BIG ROCKS. +# +# DL file version 1 , medium format (160x100, 4 images/screen) +0 byte 1 video/unknown +0 byte 2 video/unknown +# Quicktime video, from Linus Walleij +# from Apple quicktime file format documentation. +4 string moov video/quicktime +4 string mdat video/quicktime + diff --git a/setup/projects/katrin/files/etc/apache2-kaas/logs b/setup/projects/katrin/files/etc/apache2-kaas/logs new file mode 120000 index 0000000..2a478fd --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/logs @@ -0,0 +1 @@ +/var/log/httpd24 \ No newline at end of file diff --git a/setup/projects/katrin/files/etc/apache2-kaas/modules b/setup/projects/katrin/files/etc/apache2-kaas/modules new file mode 120000 index 0000000..a4c456b --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/modules @@ -0,0 +1 @@ +/opt/rh/httpd24/root/usr/lib64/httpd/modules \ No newline at end of file diff --git a/setup/projects/katrin/files/etc/apache2-kaas/run b/setup/projects/katrin/files/etc/apache2-kaas/run new file mode 120000 index 0000000..c1a28cf --- /dev/null +++ b/setup/projects/katrin/files/etc/apache2-kaas/run @@ -0,0 +1 @@ +/opt/rh/httpd24/root/var/run/httpd \ No newline at end of file diff --git a/setup/projects/katrin/files/www/kaas/index.html b/setup/projects/katrin/files/www/kaas/index.html new file mode 100644 index 0000000..906ee19 --- /dev/null +++ b/setup/projects/katrin/files/www/kaas/index.html @@ -0,0 +1 @@ +KAAS diff --git a/setup/projects/katrin/keys/kaas.crt b/setup/projects/katrin/keys/kaas.crt new file mode 100644 index 0000000..82ef723 --- /dev/null +++ b/setup/projects/katrin/keys/kaas.crt @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV +BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK +DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN +MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG +A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD +VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B +AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I +ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU +GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n +qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH +DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3 +060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV +HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu +cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL +ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x +G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs +WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6 +/ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE +qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp +j5rXZ3Oda5tHYrnPsA== +-----END CERTIFICATE----- diff --git a/setup/projects/katrin/keys/kaas.key b/setup/projects/katrin/keys/kaas.key new file mode 100644 index 0000000..3d766c8 --- /dev/null +++ b/setup/projects/katrin/keys/kaas.key @@ -0,0 +1,90 @@ +$ANSIBLE_VAULT;1.1;AES256 +38323634333239303134316164343132636432356331393634343164663065353733323732656339 +6363343738363234626565343665326365343366363166370a623263626134646332393231656566 +37366136353864366562633832316338353233653930333430383235643337623433393464613765 +3734626432316164300a656139383462653761306435346433346637616565393132396137376661 +64643835393132633831386638613764613164663036356233663861653138613465663434643161 +36333666323862636665396261333532313833393038326339343136363239356235313463333661 +61316664366437333064336531333538333734356238323561626163313031383833613233386438 +64616337323230626463643535393831666363373864393432633539323732393266356232636663 +63303263393337643831376537386666373737656364663162663164353961323264373462366636 +38346163396139636131323134613337613164623533353163616539643333623264336434333662 +33386538646239336639303230653335626434633131336135393831656666326130383034656664 +65313766623466663138333062343061393532353630363532656139373939643362613265626461 +31666166393433646135353936373836636435613432646435643264653338306532656361316537 +62316164393638356635633931316537326262343561663165643837396365653461356432666433 +32326262336164376663343363353134373563653933616531653936333265383762613534363832 +36393765383032383762383961623462306334323463353739663362363336343130633935383064 +35396531343032656335623239373565376633313665313132656162626535656133633063396131 +31333936623738653435633562623061393961343736323539373464303735376266353232393639 +61353661663934313333363935346164316664616632396434353436646437313861303763326430 +34363335653564373963376162393836353234306534306334666263633261366434663265333134 +63633431303530616637633731366539613538313839653864336436633230303730653935366661 +62303765383834663230303334373865346630643739363336366537343465346361313530643436 +35653533313565663638363432656239366261316261613437353933643365623766353838386430 +39386539636332373732356334656365646362336539623934353337623264663866323866323966 +62633932316136623866393461333866396333373934333461323533323866303533333737366261 +33383131303932663231646238343661363565613466333463303262343831653839323162613134 +64633465343932643465653934646533366266656437616337643537383932623238633230346462 +39396263393431663631383931303063666539336432663730623338366439343739316539663364 +38626233333561313836616634306437653662323265633832343632336633396634326364323531 +38633836343063653037623666396534303032366136333737663562633763323831663265343466 +65643361643436613533386139336238633032616235363035396532646637383338383639393861 +65346661616534313764313738363131336235333662353735333466656635393233336332616435 +39326338323436646337313935373535396165386338626563363863633139353038373434613466 +35613565313734346361643664366533666663396664326164396534303638333831666631323063 +33343032636331643464633237363561653236656663346232663465663936633335643765666435 +62306536313464363333656437313264323065663436373464356338623264313464623937313934 +32623234393163653732376663333263633031626335353033613937393661336338383463626534 +30373261663732373535643831626565666136336666396130636434373034316132353238656234 +37646133383164356566306665393432376561383435653463363239343136303133373433346231 +38623833643863633433306466376639633066623733333435316233326539303239666232616264 +62306436613931303032653734633737613066653235623930386261626565643436653632336639 +36313066663933366562366236633965323534336361646131383432393634646564306532656162 +39303430643534333338663962346266663532623064303133366662313661626139373236636664 +63326435623838613039386134303663323439373639616634633266353334653737666434383037 +34306638306264393434653630373661373564613935303766363039666333303161373533316134 +36343632626265306239656361383939353736343139373437373162303437623236666137633666 +62626364353164373237306330313464623363643466343439653465353938663831323634363634 +37386635396261306366376630326534613337356235613863313632326435356461353730343339 +34393636316333373435326236363238656332616333393663653465326434396262313466336365 +38336635363762313530616666666335653865376363623965333064366462373030333735333630 +62653965666630613061646265376130626263313032323038626430383233666563646639373339 +30313032393237623634666464383635396431393866303530383235633265313161383563363532 +66336261336638616335356262303436633765363336616535633734313037383136313635313366 +33303963383135343064613637353432666461353661643834376666386633663964663565386465 +39616634343835323362613362376662326463633139653163313437636238386430623234663936 +63623566393434303937343461366361363661653364626265366630333036623735323435306332 +35666265383130313438353965353239343135663937613362323530323734626234633037326135 +32336266373734623534353239373238333333626537666433636261653333626137653335656331 +30326563666664316537316633643661626239366536333134376662643735386634396430633132 +39636266656131363063343731643366376664623062656262396235663636386564346364373533 +63633961656539386630643639383162303661656134363334373166303233346263646335393535 +37373131633834316239326265326266386230383430653564663138636334323736313363303561 +32353932366637316433333538353032396339366538636261613963613865396231646437313339 +63376635656466346165626361336161333638366166356431336361343761613431303161626462 +36613266393633643333386238656161393337326637353464646264356139326466353763393465 +33383564323333313861336565323762386539303737306362613930646330653636396466303238 +38636365343234663436363334303439666366366462633537393362623133376430616136376235 +33616561353764643236636633633561633230303338613136343537353236316666376537393836 +35383336626662353562383034653532303663613033316534623832333633633737613266343665 +34393235623231336533613331643566303237623238663762393331373636623065643666393137 +61383264356564663165326266626263303363376634303238323861633533396137666163343162 +64636633333033373138313133346539333634373265396231653665323062396432383435393864 +32633763646230343639646637626434353336346265643439653863366335363935343934623334 +32636534366435383863353065393731613361343336633364303061303432366230393431393939 +33666632656135343263373934326262643936383337343137353434633434636535623835346439 +30653437376538373961306439343966343039303262396339343866313937383231616465336332 +64663434643466336665376462356561353266313730336435623832643230376434636536356163 +34613964343132356233623966316462643737613234373466643164353133303837653237306536 +62616661373466383232353861653734363562343337343333353763656562616535373536306461 +66303131616163623835363366653737643933383938383735353635646234613064316533346330 +63633732326434653939323534366637333932313637326536316430326338666263343163363735 +35333435353238396236316132393838663430313137346362313865386135646234346530346261 +63373062303637336662373763393239646133633933613066643263326130396134343332633464 +32613061383665666266353264653732663765353832656364396235313339626565656133653735 +63663230316533666462396436396465363333363862356330656565633466363439363338383339 +37386462623035393931313938653064376239393863643831633431333633373938363132333030 +61623539636430316431616162383963663061353164313735306365353965336233663239656336 +30346531383561356439323062333263646536646232643263353533653563653634633962343933 +36356164306132386530373437396263393461373036333938343763386664653462 diff --git a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl new file mode 100644 index 0000000..d155267 --- /dev/null +++ b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl @@ -0,0 +1,43 @@ +--- +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowPrivilegedContainer: false +allowedCapabilities: null +apiVersion: v1 +defaultAddCapabilities: null +fsGroup: + type: MustRunAs +groups: +- system:authenticated +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: restricted denies access to all host features and requires + pods to be run with a UID, and SELinux context that are allocated to the namespace. This + is the most restrictive SCC. + creationTimestamp: null + name: katrin-restricted +priority: null +readOnlyRootFilesystem: false +requiredDropCapabilities: +- KILL +- MKNOD +- SYS_CHROOT +- SETUID +- SETGID +runAsUser: + type: MustRunAsRange +seLinuxContext: + type: MustRunAs +supplementalGroups: + type: RunAsAny +volumes: +- glusterfs +- configMap +- downwardAPI +- emptyDir +- persistentVolumeClaim +- secret diff --git a/setup/projects/katrin/templates/katrin.yml.j2.bk b/setup/projects/katrin/templates/katrin.yml.j2.bk new file mode 100644 index 0000000..5d032b3 --- /dev/null +++ b/setup/projects/katrin/templates/katrin.yml.j2.bk @@ -0,0 +1,135 @@ +--- +apiVersion: v1 +kind: Template +metadata: + name: kaas + annotations: + descriptions: "KATRIN Routing Service" +objects: + - apiVersion: v1 + kind: Service + metadata: + name: kaas + spec: + selector: + name: kaas + ports: + - name: http + port: 80 + targetPort: 8080 + - name: https + port: 443 + targetPort: 8443 + - apiVersion: v1 + kind: Route + metadata: + name: kaas + spec: + host: {{ kaas_project_config.katrin_node }} + to: + kind: Service + name: kaas + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Allow + certificate: |- + -----BEGIN CERTIFICATE----- + MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV + BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK + DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN + MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG + A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD + VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I + ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU + GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n + qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH + DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3 + 060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV + HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu + cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL + ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x + G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs + WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6 + /ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE + qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp + j5rXZ3Oda5tHYrnPsA== + -----END CERTIFICATE----- + key: |- + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIn36cpuErgBpX + JUf+OYDE8UL+jayF6OYUv2MgTgivKt2eKt6nFyC93bFylNh45vlMwooW0map5beM + 84HeMATIvO+7LVpjB38M3HgD1VQY7ayF2qM8xoE6TgqOyNme37y2hYl4AFiwnicB + OlszSKORfpGpChFuiJopaW+jXSeox8aZCMxH6ULm6EXmFaEfAP6o+KAQUZiKzvd2 + AUOHJ1+XinM9cHJK/iEzjMe8cccM7RCKkYjHCYyvDhT/Liyc3WEMI8UMk3dZ6Eri + W3u0PwRrVXCKQIuHZ5n6/3gFALfTrSEcgLiUSG1NoOw1esYjDOpU/1M+45UQ6AQC + PHI3XYPTAgMBAAECggEAFFXubIyR2Gn0wY6a3I8RmWTnKIxNx4kTAVlg/95JDRBo + RGcOCJvUispU+UtTIfYvoPM7MhMDqwcI8vWf3Vi6s2pLVorDVbRl0XTriV/vVVOK + IEtILpnkcXeFpHGBdZQyOcIRbCOE2eo+A+bZZbpgMhhFRYAqwiyAi+APG90ObxIb + AqTEeTyztqyrKfnTdr50owL2KT7adS6XuSUNX681IJc+szbQ7piXN57Kdxd2PydM + JnSZAOBpQHkbiOEDUseeDjYRT23loeMIS7nWTwo1Y1LwsEKL5S7C0fKBfZV9xARw + TntGuM87HzbAk4535We8qW3t/5EqpzurgK7u9/PEEQKBgQDjy8CjDdobGK9+VUDg + iHbANbzEB4LrpVJiE+esr0iLXOoMdfTPwpd4XpbPPOjx/A9+6VfpdGt1EdZwLMpy + qryPW0iumsri3iPSVBS79mN6WmwYhNOcOTWlmbs4pEhubht9aNBi7rZ7QZgV3PLN + 7YBZHzxfyxTcIBCAzzoF7zaUeQKBgQDhdneOijWAYx0AMKTBzJw52KO/gloTDl9M + mOhvUIuYxkUE/mDE5EqI6k9VkbAqUvlD3z2S7yNY+h2hldO+u3w8GPo+bTCMyNDB + 0tQGCZnbKl8mfmItUlTyJ/MmNbanmYI2VmhDTMh6S8d8qKW9txXfDEXrzY2p7z/X + gRF3Ow9PqwKBgGw7CMHv+Ora5bbehr6n19QnNBLnhrqzh9r1niOb/JnKgaF+Ad0c + lZ8pQfog9ITUwAAKmixflha/bOVLQr0Mhh6Ovo/HGBKGfPqX3GoZ/NXLVISpx2j4 + fZa63gthctCVHBaP0ELRLH6PgdURb4OMDmlJwAO7l6Om0HCDBQyAxavxAoGAZPUJ + QBh/MIgxGj6t5+HZKsXpPP3/m3zaC5CEtCOa/sP5b+0AI+odvgU9lRFxkuIon828 + 4qiWaWdGEW7nrAaD8N02YPG/xaq+X6wqKLHv5QWqKbB6AdVWGEDvTfLLYW0Js48p + jMk7FBgOsbFK1hK/hmsWfCpE/w0Ux0kSKxOVHZUCgYEA41rhW18+KdxJyQTZaQRV + 0KQr8/30L116XYYTYrkILa6504nXMr7xSHuMxaPNl20b/sBz8a8VuKJt2CLZQ0Q3 + oW3GAG2Fk+mvrauLriiJ2KgZkS5IJweJKHbIk1GQrucNArNojk9unrqN8wpa3Ywo + 9GafqnfUGu+FVd1CKolicSA= + -----END PRIVATE KEY----- + - apiVersion: v1 + kind: DeploymentConfig + metadata: + name: kaas + spec: + replicas: 1 + selector: + name: kaas + template: + metadata: + name: kaas + labels: + name: kaas + strategy: + type: Rolling + triggers: + - type: ConfigChange + spec: + nodeSelector: + master: "1" + containers: + - name: kaas + image: centos/httpd-24-centos7 + imagePullPolicy: Always + ports: + - containerPort: 8080 + - containerPort: 8443 + volumeMounts: + - name: config + subPath: etc/apache2-kaas + mountPath: /etc/httpd + - name: config + subPath: log/apache2-kaas + mountPath: /var/log/httpd24 + - name: config + subPath: htdocs/kaas + mountPath: /opt/rh/httpd24/root/var/www/html + livenessProbe: + timeoutSeconds: 1 + initialDelaySeconds: 3 + httpGet: + path: /index.html + port: 8080 + volumes: + - name: config + persistentVolumeClaim: + claimName: openshift diff --git a/setup/projects/katrin/vars/globals.yml b/setup/projects/katrin/vars/globals.yml new file mode 100644 index 0000000..50776ff --- /dev/null +++ b/setup/projects/katrin/vars/globals.yml @@ -0,0 +1,2 @@ +#katrin_node: katrin.kit.edu +katrin_node: "katrin.{{ openshift_master_default_subdomain }}" diff --git a/setup/projects/katrin/vars/katrin.yml b/setup/projects/katrin/vars/katrin.yml new file mode 100644 index 0000000..c825654 --- /dev/null +++ b/setup/projects/katrin/vars/katrin.yml @@ -0,0 +1,7 @@ +#katrin_openshift_volumes: +#adei_openshift_volumes: + +#volumes: "{{ ands_openshift_volumes | combine (katrin_openshift_volumes, adei_openshift_volumes) }}" +#files: "{{ ands_openshift_files | union([]) }}" +#file_owner: katrin +#file_group: katrin \ No newline at end of file diff --git a/setup/projects/katrin/vars/pods.yml b/setup/projects/katrin/vars/pods.yml new file mode 100644 index 0000000..3bfcfd7 --- /dev/null +++ b/setup/projects/katrin/vars/pods.yml @@ -0,0 +1,22 @@ +# First port is exposed +pods: + kaas: + service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] } + sched: { replicas: 1, selector: { master: 1 } } + selector: { master: 1 } + images: + - image: "centos/httpd-24-centos7" + mappings: + - { name: "etc", path: "apache2-kaas", mount: "/etc/httpd24" } + - { name: "www", path: "kaas", mount: "/opt/rh/httpd24/root/var/www/html" } + - { name: "log", path: "apache2-kaas", mount: "/var/log/httpd24" } + probes: + - { port: 8080, path: '/index.html' } + +#oc: +# - template: "[0-3]*" +# - template: "[4-6]*" +# - resource: "route/apache" +# oc: "expose svc/kaas --name apache --hostname=apache.{{ openshift_master_default_subdomain }}" +# - template: "*" + \ No newline at end of file diff --git a/setup/users/htpasswd b/setup/users/htpasswd new file mode 100644 index 0000000..cf0d67e --- /dev/null +++ b/setup/users/htpasswd @@ -0,0 +1,3 @@ +pdv:$apr1$ACvj6uUa$Nm1Vq8hZq3RzTtaYpAHv01 +csa:$apr1$IqEwdnzy$UAdd8ZSFnXommBbj29w3c0 +katrin:$apr1$/hxgbxC4$/MxeHtIYvAJcIQFR5Jz0E0 diff --git a/setup/users/users.yml b/setup/users/users.yml new file mode 120000 index 0000000..b201d8a --- /dev/null +++ b/setup/users/users.yml @@ -0,0 +1 @@ +../configs/openshift.yml \ No newline at end of file -- cgit v1.2.3