[PATCH 1/2] removed the audrey_puppet dir, it is not used any more

--- audrey_puppet/COPYING | 158 --- audrey_puppet/Makefile | 53 - audrey_puppet/README | 13 - audrey_puppet/aeolus-audrey_puppet.spec.in | 51 - audrey_puppet/manifests/defaults.pp | 4 - .../apache2/files/etc/httpd/conf.d/passenger.conf | 9 - .../apache2/files/etc/httpd/conf.d/php.conf | 23 - .../apache2/files/etc/httpd/conf.d/ssl.conf | 229 ----- .../apache2/files/etc/httpd/conf.d/webalizer.conf | 12 - audrey_puppet/modules/apache2/manifests/init.pp | 42 - .../modules/apache2/manifests/passenger.pp | 16 - audrey_puppet/modules/apache2/manifests/php.pp | 9 - audrey_puppet/modules/apache2/manifests/site.pp | 42 - audrey_puppet/modules/apache2/manifests/ssl.pp | 17 - .../modules/apache2/manifests/webalizer.pp | 9 - .../modules/apache2/templates/httpd.conf.6.erb | 1010 -------------------- audrey_puppet/modules/apache2/templates/vhost.conf | 21 - audrey_puppet/modules/ssh/manifests/client.pp | 10 - audrey_puppet/modules/ssh/manifests/init.pp | 5 - audrey_puppet/modules/ssh/manifests/server.pp | 7 - .../modules/ssh/manifests/server/config.pp | 5 - .../modules/ssh/manifests/server/install.pp | 5 - audrey_puppet/modules/ssh/manifests/server/keys.pp | 10 - .../modules/ssh/manifests/server/service.pp | 6 - audrey_puppet/modules/ssh/manifests/server/user.pp | 14 - .../modules/ssh/templates/sshd_config.erb | 124 --- audrey_puppet/node | 11 - audrey_puppet/nodes/default | 5 - audrey_puppet/nodes/imagebuilder.tlv.redhat.com | 5 - audrey_puppet/run | 4 - 30 files changed, 0 insertions(+), 1929 deletions(-) delete mode 100644 audrey_puppet/COPYING delete mode 100644 audrey_puppet/Makefile delete mode 100644 audrey_puppet/README delete mode 100644 audrey_puppet/aeolus-audrey_puppet.spec.in delete mode 100644 audrey_puppet/manifests/defaults.pp delete mode 100644 audrey_puppet/modules/apache2/files/empty/.ignore delete mode 100644 audrey_puppet/modules/apache2/files/etc/httpd/conf.d/passenger.conf delete mode 100644 audrey_puppet/modules/apache2/files/etc/httpd/conf.d/php.conf delete mode 100644 audrey_puppet/modules/apache2/files/etc/httpd/conf.d/ssl.conf delete mode 100644 audrey_puppet/modules/apache2/files/etc/httpd/conf.d/webalizer.conf delete mode 100644 audrey_puppet/modules/apache2/manifests/init.pp delete mode 100644 audrey_puppet/modules/apache2/manifests/passenger.pp delete mode 100644 audrey_puppet/modules/apache2/manifests/php.pp delete mode 100644 audrey_puppet/modules/apache2/manifests/site.pp delete mode 100644 audrey_puppet/modules/apache2/manifests/ssl.pp delete mode 100644 audrey_puppet/modules/apache2/manifests/webalizer.pp delete mode 100644 audrey_puppet/modules/apache2/templates/httpd.conf.6.erb delete mode 100644 audrey_puppet/modules/apache2/templates/vhost.conf delete mode 100644 audrey_puppet/modules/ssh/manifests/client.pp delete mode 100644 audrey_puppet/modules/ssh/manifests/init.pp delete mode 100644 audrey_puppet/modules/ssh/manifests/server.pp delete mode 100644 audrey_puppet/modules/ssh/manifests/server/config.pp delete mode 100644 audrey_puppet/modules/ssh/manifests/server/install.pp delete mode 100644 audrey_puppet/modules/ssh/manifests/server/keys.pp delete mode 100644 audrey_puppet/modules/ssh/manifests/server/service.pp delete mode 100644 audrey_puppet/modules/ssh/manifests/server/user.pp delete mode 100644 audrey_puppet/modules/ssh/templates/sshd_config.erb delete mode 100755 audrey_puppet/node delete mode 100644 audrey_puppet/nodes/default delete mode 100644 audrey_puppet/nodes/imagebuilder.tlv.redhat.com delete mode 100755 audrey_puppet/run diff --git a/audrey_puppet/COPYING b/audrey_puppet/COPYING deleted file mode 100644 index 35907a1..0000000 --- a/audrey_puppet/COPYING +++ /dev/null @@ -1,158 +0,0 @@ -Apache License - -Version 2.0, January 2004 - -http://www.apache.org/licenses/ - -TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - -1. Definitions. - -"License" shall mean the terms and conditions for use, reproduction, -and distribution as defined by Sections 1 through 9 of this document. - -"Licensor" shall mean the copyright owner or entity authorized by the -copyright owner that is granting the License. - -"Legal Entity" shall mean the union of the acting entity and all other -entities that control, are controlled by, or are under common control with -that entity. For the purposes of this definition, "control" means (i) the -power, direct or indirect, to cause the direction or management of such -entity, whether by contract or otherwise, or (ii) ownership of fifty percent -(50%) or more of the outstanding shares, or (iii) beneficial ownership -of such entity. - -"You" (or "Your") shall mean an individual or Legal Entity exercising permissions -granted by this License. - -"Source" form shall mean the preferred form for making modifications, including -but not limited to software source code, documentation source, and configuration -files. - -"Object" form shall mean any form resulting from mechanical transformation -or translation of a Source form, including but not limited to compiled -object code, generated documentation, and conversions to other media types. - -"Work" shall mean the work of authorship, whether in Source or Object form, -made available under the License, as indicated by a copyright notice that -is included in or attached to the work (an example is provided in the Appendix -below). - -"Derivative Works" shall mean any work, whether in Source or Object form, -that is based on (or derived from) the Work and for which the editorial -revisions, annotations, elaborations, or other modifications represent, -as a whole, an original work of authorship. For the purposes of this License, -Derivative Works shall not include works that remain separable from, or -merely link (or bind by name) to the interfaces of, the Work and Derivative -Works thereof. - -"Contribution" shall mean any work of authorship, including the original -version of the Work and any modifications or additions to that Work or -Derivative Works thereof, that is intentionally submitted to Licensor for -inclusion in the Work by the copyright owner or by an individual or Legal -Entity authorized to submit on behalf of the copyright owner. For the purposes -of this definition, "submitted" means any form of electronic, verbal, or -written communication sent to the Licensor or its representatives, including -but not limited to communication on electronic mailing lists, source code -control systems, and issue tracking systems that are managed by, or on -behalf of, the Licensor for the purpose of discussing and improving the -Work, but excluding communication that is conspicuously marked or otherwise -designated in writing by the copyright owner as "Not a Contribution." - -"Contributor" shall mean Licensor and any individual or Legal Entity on -behalf of whom a Contribution has been received by Licensor and subsequently -incorporated within the Work. - -2. Grant of Copyright License. Subject to the terms and conditions of this -License, each Contributor hereby grants to You a perpetual, worldwide, -non-exclusive, no-charge, royalty-free, irrevocable copyright license to -reproduce, prepare Derivative Works of, publicly display, publicly perform, -sublicense, and distribute the Work and such Derivative Works in Source -or Object form. - -3. Grant of Patent License. Subject to the terms and conditions of this -License, each Contributor hereby grants to You a perpetual, worldwide, -non-exclusive, no-charge, royalty-free, irrevocable (except as stated in -this section) patent license to make, have made, use, offer to sell, sell, -import, and otherwise transfer the Work, where such license applies only -to those patent claims licensable by such Contributor that are necessarily -infringed by their Contribution(s) alone or by combination of their Contribution(s) -with the Work to which such Contribution(s) was submitted. If You institute -patent litigation against any entity (including a cross-claim or counterclaim -in a lawsuit) alleging that the Work or a Contribution incorporated within -the Work constitutes direct or contributory patent infringement, then any -patent licenses granted to You under this License for that Work shall terminate -as of the date such litigation is filed. - -4. Redistribution. You may reproduce and distribute copies of the Work -or Derivative Works thereof in any medium, with or without modifications, and -in Source or Object form, provided that You meet the following conditions: - -1. You must give any other recipients of the Work or Derivative Works -a copy of this License; and -2. You must cause any modified files to carry prominent notices stating -that You changed the files; and -3. You must retain, in the Source form of any Derivative Works that -You distribute, all copyright, patent, trademark, and attribution notices -from the Source form of the Work, excluding those notices that do not pertain -to any part of the Derivative Works; and -4. If the Work includes a "NOTICE" text file as part of its distribution, -then any Derivative Works that You distribute must include a readable copy -of the attribution notices contained within such NOTICE file, excluding -those notices that do not pertain to any part of the Derivative Works, -in at least one of the following places: within a NOTICE text file distributed -as part of the Derivative Works; within the Source form or documentation, -if provided along with the Derivative Works; or, within a display generated -by the Derivative Works, if and wherever such third-party notices normally -appear. The contents of the NOTICE file are for informational purposes -only and do not modify the License. You may add Your own attribution notices -within Derivative Works that You distribute, alongside or as an addendum -to the NOTICE text from the Work, provided that such additional attribution -notices cannot be construed as modifying the License. You may add Your -own copyright statement to Your modifications and may provide additional -or different license terms and conditions for use, reproduction, or distribution -of Your modifications, or for any such Derivative Works as a whole, provided -Your use, reproduction, and distribution of the Work otherwise complies -with the conditions stated in this License. - -5. Submission of Contributions. Unless You explicitly state otherwise, -any Contribution intentionally submitted for inclusion in the Work by You -to the Licensor shall be under the terms and conditions of this License, -without any additional terms or conditions. Notwithstanding the above, -nothing herein shall supersede or modify the terms of any separate license -agreement you may have executed with Licensor regarding such Contributions. - -6. Trademarks. This License does not grant permission to use the trade -names, trademarks, service marks, or product names of the Licensor, except -as required for reasonable and customary use in describing the origin of -the Work and reproducing the content of the NOTICE file. - -7. Disclaimer of Warranty. Unless required by applicable -law or agreed to in writing, Licensor provides the Work (and each Contributor -provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR -CONDITIONS OF ANY KIND, either express or implied, including, without limitation, -any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, -or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining -the appropriateness of using or redistributing the Work and assume any -risks associated with Your exercise of permissions under this License. - -8. Limitation of Liability. In no event and under no legal theory, whether -in tort (including negligence), contract, or otherwise, unless required -by applicable law (such as deliberate and grossly negligent acts) or agreed -to in writing, shall any Contributor be liable to You for damages, including -any direct, indirect, special, incidental, or consequential damages of -any character arising as a result of this License or out of the use or -inability to use the Work (including but not limited to damages for loss -of goodwill, work stoppage, computer failure or malfunction, or any and -all other commercial damages or losses), even if such Contributor has been -advised of the possibility of such damages. - -9. Accepting Warranty or Additional Liability. While redistributing the -Work or Derivative Works thereof, You may choose to offer, and charge a -fee for, acceptance of support, warranty, indemnity, or other liability -obligations and/or rights consistent with this License. However, in accepting -such obligations, You may act only on Your own behalf and on Your sole -responsibility, not on behalf of any other Contributor, and only if You -agree to indemnify, defend, and hold each Contributor harmless for any -liability incurred by, or claims asserted against, such Contributor by -reason of your accepting any such warranty or additional liability. diff --git a/audrey_puppet/Makefile b/audrey_puppet/Makefile deleted file mode 100644 index 6998802..0000000 --- a/audrey_puppet/Makefile +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (C) 2011 Red Hat, Inc. -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; version 2 of the License. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, -# MA 02110-1301, USA. A copy of the GNU General Public License is -# also available at http://www.gnu.org/copyleft/gpl.html. - -AUDREY_PUPPET_CACHE_DIR ?= $(HOME)/audrey_puppet-cache - -VERSION = 0.3.1 - -# For Release: 0..., set _audrey_puppet_dev=1 so that we get extra_release.GIT- -# annotated rpm version strings. -_audrey_puppet_dev = $(shell grep -q '^[[:space:]]*Release:[[:space:]]*0' \ - aeolus-audrey_puppet.spec.in && echo 1 || :) - -# use $(shell...) here to collect the git head and date *once* per make target. -# that ensures that if multiple actions happen in the same target (like the -# multiple RPM builds in the rpms target), they all use the same date -git_head = $(shell git log -1 --pretty=format:%h) -date = $(shell date --utc +%Y%m%d%H%M%S) -GIT_RELEASE = $(date)git$(git_head) -RPMDIR = $$(rpm --eval '%{_rpmdir}') -# RPM_FLAGS = --define "audrey_puppet_cache_dir $(AUDREY_PUPPET_CACHE_DIR)" -# RPM_FLAGS += $(if $(_audrey_puppet_dev),--define "extra_release .$(GIT_RELEASE)") - -dist: - sed -e 's/@VERSION@/$(VERSION)/' aeolus-audrey_puppet.spec.in > aeolus-audrey_puppet.spec - mkdir -p dist/aeolus-audrey_puppet-$(VERSION) - cp -a aeolus-audrey_puppet.spec COPYING Makefile modules nodes run manifests node \ - dist/aeolus-audrey_puppet-$(VERSION) - tar -C dist -zcvf aeolus-audrey_puppet-$(VERSION).tar.gz aeolus-audrey_puppet-$(VERSION) - -rpms: dist - rpmbuild -ta aeolus-audrey_puppet-$(VERSION).tar.gz - -srpms: dist - rpmbuild -ts aeolus-audrey_puppet-$(VERSION).tar.gz - -clean: - rm -rf dist aeolus-audrey_puppet-$(VERSION).tar.gz aeolus-audrey_puppet.spec - -.PHONY: dist rpms srpms diff --git a/audrey_puppet/README b/audrey_puppet/README deleted file mode 100644 index fcb68c3..0000000 --- a/audrey_puppet/README +++ /dev/null @@ -1,13 +0,0 @@ -Requirements: -* Puppet client package - -How it works: - -Puppet executes the node script, which in turn reads the yaml file based -on the fqdn. The node script, can be changed to query from any source -(such as a web api, db etc). - -Test with: - -The puppet modules can be exercised with the "run" test script. - diff --git a/audrey_puppet/aeolus-audrey_puppet.spec.in b/audrey_puppet/aeolus-audrey_puppet.spec.in deleted file mode 100644 index 9baa0a6..0000000 --- a/audrey_puppet/aeolus-audrey_puppet.spec.in +++ /dev/null @@ -1,51 +0,0 @@ -%define app_root /usr/share/puppet/cloud_engine - -Name: aeolus-audrey_puppet -Version: @VERSION@ -Release: 0%{?dist}%{?extra_release} - -Summary: The Aeolus Audrey Puppet Modules -BuildArch: noarch - -Group: Applications/System -License: GPLv2+ and MIT and BSD -URL: http://aeolusproject.org -Source0: aeolus-audrey_puppet-%{version}.tar.gz -BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) - -%description -The Aeolus Audrey Puppet modules are driven by the Aeolus Audrey Start -script on a instances in a cloud at boot time. - -%prep -%setup -q - -%build - -%install -rm -rf $RPM_BUILD_ROOT - -%{__mkdir} -p %{buildroot}%{app_root}/audrey_puppet - -# copy over the puppet bits -%{__cp} -R manifests %{buildroot}%{app_root}/audrey_puppet -%{__cp} -R modules %{buildroot}%{app_root}/audrey_puppet -%{__cp} -R nodes %{buildroot}%{app_root}/audrey_puppet -%{__cp} node %{buildroot}%{app_root}/audrey_puppet - -echo %{buildroot}%{app_root} -echo $RPM_BUILD_ROOT -echo "pwd: $(pwd)" -pwd - -%clean -rm -rf $RPM_BUILD_ROOT - -%files -%defattr(-,root,root,-) -%{app_root}/audrey_puppet/* - - -%changelog -* Wed May 18 2011 Joe VLcek <joev(a)redhat.com&gt; 0.0.1-1 -- Initial build. diff --git a/audrey_puppet/manifests/defaults.pp b/audrey_puppet/manifests/defaults.pp deleted file mode 100644 index 5deb3c1..0000000 --- a/audrey_puppet/manifests/defaults.pp +++ /dev/null @@ -1,4 +0,0 @@ -Package {ensure => installed} -File { owner => root, group => root, mode => 444 } -Service { ensure => running, enable => true, hasstatus => true, hasrestart => true} - diff --git a/audrey_puppet/modules/apache2/files/empty/.ignore b/audrey_puppet/modules/apache2/files/empty/.ignore deleted file mode 100644 index e69de29..0000000 diff --git a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/passenger.conf b/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/passenger.conf deleted file mode 100644 index 79bbc45..0000000 --- a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/passenger.conf +++ /dev/null @@ -1,9 +0,0 @@ -LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-2.2.2/ext/apache2/mod_passenger.so -PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-2.2.2 -PassengerRuby /usr/bin/ruby -PassengerMaxPoolSize 30 -PassengerPoolIdleTime 1500 -PassengerMaxRequests 1000 -PassengerStatThrottleRate 120 -RackAutoDetect Off -RailsAutoDetect Off diff --git a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/php.conf b/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/php.conf deleted file mode 100644 index 7bdcbca..0000000 --- a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/php.conf +++ /dev/null @@ -1,23 +0,0 @@ -# PHP is an HTML-embedded scripting language which attempts to make it -# easy for developers to write dynamically generated webpages. -# - -LoadModule php5_module modules/libphp5.so - -# -# Cause the PHP interpreter to handle files with a .php extension. -# -AddHandler php5-script .php -AddType text/html .php - -# -# Add index.php to the list of files that will be served as directory -# indexes. -# -DirectoryIndex index.php - -# -# Uncomment the following line to allow PHP to pretty-print .phps -# files as PHP source code: -# -#AddType application/x-httpd-php-source .phps diff --git a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/ssl.conf b/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/ssl.conf deleted file mode 100644 index 77274df..0000000 --- a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/ssl.conf +++ /dev/null @@ -1,229 +0,0 @@ -# -# This is the Apache server configuration file providing SSL support. -# It contains the configuration directives to instruct the server how to -# serve pages over an https connection. For detailing information about these -# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html> -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# - -LoadModule ssl_module modules/mod_ssl.so - -# -# When we also provide SSL we have to listen to the -# the HTTPS port in addition. -# -Listen 443 - -## -## SSL Global Context -## -## All SSL configuration in this context applies both to -## the main server and all SSL-enabled virtual hosts. -## - -# -# Some MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# Pass Phrase Dialog: -# Configure the pass phrase gathering process. -# The filtering dialog program (`builtin' is a internal -# terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin - -# Inter-Process Session Cache: -# Configure the SSL Session Cache: First the mechanism -# to use and second the expiring timeout (in seconds). -#SSLSessionCache dc:UNIX:/var/cache/mod_ssl/distcache -SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) -SSLSessionCacheTimeout 300 - -# Semaphore: -# Configure the path to the mutual exclusion semaphore the -# SSL engine uses internally for inter-process synchronization. -SSLMutex default - -# Pseudo Random Number Generator (PRNG): -# Configure one or more sources to seed the PRNG of the -# SSL library. The seed data should be of good random quality. -# WARNING! On some platforms /dev/random blocks if not enough entropy -# is available. This means you then cannot use the /dev/random device -# because it would lead to very long connection times (as long as -# it requires to make more entropy available). But usually those -# platforms additionally provide a /dev/urandom device which doesn't -# block. So, if available, use this one instead. Read the mod_ssl User -# Manual for more details. -SSLRandomSeed startup file:/dev/urandom 256 -SSLRandomSeed connect builtin -#SSLRandomSeed startup file:/dev/random 512 -#SSLRandomSeed connect file:/dev/random 512 -#SSLRandomSeed connect file:/dev/urandom 512 - -# -# Use "SSLCryptoDevice" to enable any supported hardware -# accelerators. Use "openssl engine -v" to list supported -# engine names. NOTE: If you enable an accelerator and the -# server does not start, consult the error logs and ensure -# your accelerator is functioning properly. -# -SSLCryptoDevice builtin -#SSLCryptoDevice ubsec - -## -## SSL Virtual Host Context -## - -###<VirtualHost _default_:443> - -# General setup for the virtual host, inherited from global configuration -#DocumentRoot "/var/www/html" -#ServerName www.example.com:443 - -# Use separate log files for the SSL virtual host; note that LogLevel -# is not inherited from httpd.conf. -###ErrorLog logs/ssl_error_log -###TransferLog logs/ssl_access_log -###LogLevel warn - -# SSL Engine Switch: -# Enable/Disable SSL for this virtual host. -###SSLEngine on - -# SSL Protocol support: -# List the enable protocol levels with which clients will be able to -# connect. Disable SSLv2 access by default: -SSLProtocol all -SSLv2 - -# SSL Cipher Suite: -# List the ciphers that the client is permitted to negotiate. -# See the mod_ssl documentation for a complete list. -SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW - -# Server Certificate: -# Point SSLCertificateFile at a PEM encoded certificate. If -# the certificate is encrypted, then you will be prompted for a -# pass phrase. Note that a kill -HUP will prompt again. A new -# certificate can be generated using the genkey(1) command. -###SSLCertificateFile /etc/pki/tls/certs/localhost.crt - -# Server Private Key: -# If the key is not combined with the certificate, use this -# directive to point at the key file. Keep in mind that if -# you've both a RSA and a DSA private key you can configure -# both in parallel (to also allow the use of DSA ciphers, etc.) -###SSLCertificateKeyFile /etc/pki/tls/private/localhost.key - -# Server Certificate Chain: -# Point SSLCertificateChainFile at a file containing the -# concatenation of PEM encoded CA certificates which form the -# certificate chain for the server certificate. Alternatively -# the referenced file can be the same as SSLCertificateFile -# when the CA certificates are directly appended to the server -# certificate for convinience. -#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt - -# Certificate Authority (CA): -# Set the CA certificate verification path where to find CA -# certificates for client authentication or alternatively one -# huge file containing all of them (file must be PEM encoded) -#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt - -# Client Authentication (Type): -# Client certificate verification type and depth. Types are -# none, optional, require and optional_no_ca. Depth is a -# number which specifies how deeply to verify the certificate -# issuer chain before deciding the certificate is not valid. -#SSLVerifyClient require -#SSLVerifyDepth 10 - -# Access Control: -# With SSLRequire you can do per-directory access control based -# on arbitrary complex boolean expressions containing server -# variable checks and other lookup directives. The syntax is a -# mixture between C and Perl. See the mod_ssl documentation -# for more details. -#<Location /> -#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ -# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ -# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ -# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ -# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ -# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ -#</Location> - -# SSL Engine Options: -# Set various options for the SSL engine. -# o FakeBasicAuth: -# Translate the client X.509 into a Basic Authorisation. This means that -# the standard Auth/DBMAuth methods can be used for access control. The -# user name is the `one line' version of the client's X.509 certificate. -# Note that no password is obtained from the user. Every entry in the user -# file needs this password: `xxj31ZMTZzkVA'. -# o ExportCertData: -# This exports two additional environment variables: SSL_CLIENT_CERT and -# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the -# server (always existing) and the client (only existing when client -# authentication is used). This can be used to import the certificates -# into CGI scripts. -# o StdEnvVars: -# This exports the standard SSL/TLS related `SSL_*' environment variables. -# Per default this exportation is switched off for performance reasons, -# because the extraction step is an expensive operation and is usually -# useless for serving static content. So one usually enables the -# exportation for CGI and SSI requests only. -# o StrictRequire: -# This denies access when "SSLRequireSSL" or "SSLRequire" applied even -# under a "Satisfy any" situation, i.e. when it applies access is denied -# and no other module can change it. -# o OptRenegotiate: -# This enables optimized SSL connection renegotiation handling when SSL -# directives are used in per-directory context. -#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire -###<Files ~ "\.(cgi|shtml|phtml|php3?)$"> -### SSLOptions +StdEnvVars -###</Files> -###<Directory "/var/www/cgi-bin"> -### SSLOptions +StdEnvVars -###</Directory> - -# SSL Protocol Adjustments: -# The safe and default but still SSL/TLS standard compliant shutdown -# approach is that mod_ssl sends the close notify alert but doesn't wait for -# the close notify alert from client. When you need a different shutdown -# approach you can use one of the following variables: -# o ssl-unclean-shutdown: -# This forces an unclean shutdown when the connection is closed, i.e. no -# SSL close notify alert is send or allowed to received. This violates -# the SSL/TLS standard but is needed for some brain-dead browsers. Use -# this when you receive I/O errors because of the standard approach where -# mod_ssl sends the close notify alert. -# o ssl-accurate-shutdown: -# This forces an accurate shutdown when the connection is closed, i.e. a -# SSL close notify alert is send and mod_ssl waits for the close notify -# alert of the client. This is 100% SSL/TLS standard compliant, but in -# practice often causes hanging connections with brain-dead browsers. Use -# this only for browsers where you know that their SSL implementation -# works correctly. -# Notice: Most problems of broken clients are also related to the HTTP -# keep-alive facility, so you usually additionally want to disable -# keep-alive for those clients, too. Use variable "nokeepalive" for this. -# Similarly, one has to force some clients to use HTTP/1.0 to workaround -# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and -# "force-response-1.0" for this. -###SetEnvIf User-Agent ".*MSIE.*" \ -### nokeepalive ssl-unclean-shutdown \ -### downgrade-1.0 force-response-1.0 - -# Per-Server Logging: -# The home of a custom SSL log file. Use this when you want a -# compact non-error SSL logfile on a virtual host basis. -###CustomLog logs/ssl_request_log \ -### "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" - -###</VirtualHost> - diff --git a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/webalizer.conf b/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/webalizer.conf deleted file mode 100644 index eae35fa..0000000 --- a/audrey_puppet/modules/apache2/files/etc/httpd/conf.d/webalizer.conf +++ /dev/null @@ -1,12 +0,0 @@ -# -# This configuration file maps the webalizer log analysis -# results (generated daily) into the URL space. By default -# these results are accessible for all Infineon hosts. -# -Alias /usage /var/www/usage - -<Location /usage> - Order deny,allow - Deny from all - Allow from localhost -</Location> diff --git a/audrey_puppet/modules/apache2/manifests/init.pp b/audrey_puppet/modules/apache2/manifests/init.pp deleted file mode 100644 index 3cc115b..0000000 --- a/audrey_puppet/modules/apache2/manifests/init.pp +++ /dev/null @@ -1,42 +0,0 @@ -# This class installs the apache2 service -# Ensure that there is no network user called apache before installing -# this is a CentOS 5 compatable (e.g. apache 2.2) manifest. -class apache2::common { - group {"apache": ensure => present, require => Package["httpd"]} - user {"apache": ensure => present, home => "/var/www", - managehome => false, membership => minimum, groups => [], - shell => "/sbin/nologin", require => Package["httpd"], - } - package { "httpd":} - - service { "httpd" : ensure => "running", subscribe => Package["httpd"] } - - exec { "reload-apache2": - command => "/etc/init.d/httpd reload", - onlyif => "/usr/sbin/apachectl -t", - require => Service["httpd"], - refreshonly => true, - } - - file{ - "/etc/httpd/conf/httpd.conf": -# JJV source => ["puppet:///apache2/etc/httpd/conf/httpd.conf.${lsbmajdistrelease}","puppet:///apache2/etc/httpd/conf/httpd.conf.6"], - content => template("apache2/httpd.conf.6.erb"), - mode => 0644, - notify => Exec["reload-apache2"], - require => Package["httpd"]; - #ensure that only managed apache file are present - commented out by default - "/etc/httpd/conf.d": - source => "puppet:///apache2/empty", - ensure => directory, checksum => mtime, - recurse => true, purge => true, force => true, - mode => 0644, - notify => Exec["reload-apache2"], - require => Package["httpd"] - } - - @file{"/etc/httpd/conf.d/NameVirtualHost.conf": - content => "NameVirtualHost *\n" - } - -} diff --git a/audrey_puppet/modules/apache2/manifests/passenger.pp b/audrey_puppet/modules/apache2/manifests/passenger.pp deleted file mode 100644 index 6edba62..0000000 --- a/audrey_puppet/modules/apache2/manifests/passenger.pp +++ /dev/null @@ -1,16 +0,0 @@ -class apache2::passenger { - # just in case apache is not included. - include apache2::common - - # Package is avail be only for Red Hat CentOS 5 - package{"rubygem-passenger": - ensure => "2.2.2-1", - require => [Package["httpd"],Yumrepo["foreman"]], - before => Service["httpd"], - } - file{"/etc/httpd/conf.d/passenger.conf": - source => "puppet:///apache2/etc/httpd/conf.d/passenger.conf", - mode => 644, owner=> root, group => root, - notify => Exec["reload-apache2"], - } -} diff --git a/audrey_puppet/modules/apache2/manifests/php.pp b/audrey_puppet/modules/apache2/manifests/php.pp deleted file mode 100644 index 6fd40a7..0000000 --- a/audrey_puppet/modules/apache2/manifests/php.pp +++ /dev/null @@ -1,9 +0,0 @@ -class apache2::php { - include apache2::common - package{"php": ensure => installed} - file {"/etc/httpd/conf.d/php.conf": - source => "puppet:///apache2/etc/httpd/conf.d/php.conf", - mode => 440, owner => root, group => apache, - notify => Service["httpd"], - } -} diff --git a/audrey_puppet/modules/apache2/manifests/site.pp b/audrey_puppet/modules/apache2/manifests/site.pp deleted file mode 100644 index b325561..0000000 --- a/audrey_puppet/modules/apache2/manifests/site.pp +++ /dev/null @@ -1,42 +0,0 @@ -define apache2::site( $admin = "webmaster", $aliases = '', $ensure = 'present', $rails = false, $conf = false, $user = false) { - $siteroot = "$sites::base_dir/$name" - $docroot = $rails ? { true => "$siteroot/public", default => "$siteroot/html"} - $logroot = "$siteroot/logs" - $confroot = "$siteroot/conf" - file { "/etc/httpd/conf.d/$name.conf": - mode => "644", - ensure => $ensure, - require => Package["httpd"], - notify => Exec["reload-apache2"], - content => template("apache2/vhost.conf"), - } - file {$siteroot: ensure => directory} - file {[$logroot, $docroot]: - ensure => directory, - owner => $user ? { false => undef, default => $user}, - recurse => true, - mode => 644, - before => Service["httpd"], - } - - file {$confroot: - source => $conf ? { false => undef, default => $conf}, - recurse => true, force => true, - ensure => $conf ? { false => 'absent', default => 'present' }, - notify => Exec["reload-apache2"], - } - realize File["/etc/httpd/conf.d/NameVirtualHost.conf"] - - if $rails and $user { - user{$user: shell => "/bin/false", managehome => true} - - file {["$siteroot/config/environment.rb", "$siteroot/log", "$siteroot/tmp"]: - owner => $user, - mode => 644, - recurse => true, - require => User[$user], - before => Service["httpd"], - } - } - -} diff --git a/audrey_puppet/modules/apache2/manifests/ssl.pp b/audrey_puppet/modules/apache2/manifests/ssl.pp deleted file mode 100644 index 0922792..0000000 --- a/audrey_puppet/modules/apache2/manifests/ssl.pp +++ /dev/null @@ -1,17 +0,0 @@ -class apache2::ssl { - include apache2::common - package { [ "mod_ssl" , "mod_authz_ldap" ]: - ensure => present, require => Package["httpd"], - notify => Service["httpd"] - } - file { - "/etc/httpd/conf.d/ssl.conf": - source => "puppet:///apache2/etc/httpd/conf.d/ssl.conf", - mode => 0644, owner => root, group => root, - notify => Exec["reload-apache2"]; - ["/var/cache/mod_ssl", "/var/cache/mod_ssl/scache"]: - ensure => directory, - owner => apache, group => root, mode => 0750, - notify => Service["httpd"]; - } -} diff --git a/audrey_puppet/modules/apache2/manifests/webalizer.pp b/audrey_puppet/modules/apache2/manifests/webalizer.pp deleted file mode 100644 index 01c8d6f..0000000 --- a/audrey_puppet/modules/apache2/manifests/webalizer.pp +++ /dev/null @@ -1,9 +0,0 @@ -class apache2::webalizer { - package { "webalizer": ensure => installed } - file {"/etc/httpd/conf.d/webalizer.conf": - source => "puppet:///apache2/etc/httpd/conf.d/webalizer.conf", - require => Package["httpd"], - notify => Service["httpd"], - mode => 644 - } -} diff --git a/audrey_puppet/modules/apache2/templates/httpd.conf.6.erb b/audrey_puppet/modules/apache2/templates/httpd.conf.6.erb deleted file mode 100644 index 3036645..0000000 --- a/audrey_puppet/modules/apache2/templates/httpd.conf.6.erb +++ /dev/null @@ -1,1010 +0,0 @@ -# -# This is the main Apache server configuration file. It contains the -# configuration directives that give the server its instructions. -# See <URL:http://httpd.apache.org/docs/2.2/> for detailed information. -# In particular, see -# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html> -# for a discussion of each configuration directive. -# -# -# Do NOT simply read the instructions in here without understanding -# what they do. They're here only as hints or reminders. If you are unsure -# consult the online docs. You have been warned. -# -# The configuration directives are grouped into three basic sections: -# 1. Directives that control the operation of the Apache server process as a -# whole (the 'global environment'). -# 2. Directives that define the parameters of the 'main' or 'default' server, -# which responds to requests that aren't handled by a virtual host. -# These directives also provide default values for the settings -# of all virtual hosts. -# 3. Settings for virtual hosts, which allow Web requests to be sent to -# different IP addresses or hostnames and have them handled by the -# same Apache server process. -# -# Configuration and logfile names: If the filenames you specify for many -# of the server's control files begin with "/" (or "drive:/" for Win32), the -# server will use that explicit path. If the filenames do *not* begin -# with "/", the value of ServerRoot is prepended -- so "logs/foo.log" -# with ServerRoot set to "/etc/httpd" will be interpreted by the -# server as "/etc/httpd/logs/foo.log". -# - -### Section 1: Global Environment -# -# The directives in this section affect the overall operation of Apache, -# such as the number of concurrent requests it can handle or where it -# can find its configuration files. -# - -# -# Don't give away too much information about all the subcomponents -# we are running. Comment out this line if you don't mind remote sites -# finding out what major optional modules you are running -ServerTokens OS - -# -# ServerRoot: The top of the directory tree under which the server's -# configuration, error, and log files are kept. -# -# NOTE! If you intend to place this on an NFS (or otherwise network) -# mounted filesystem then please read the LockFile documentation -# (available at <URL:http://httpd.apache.org/docs/2.2/mod/mpm_common.html#lockfile>); -# you will save yourself a lot of trouble. -# -# Do NOT add a slash at the end of the directory path. -# -ServerRoot "/etc/httpd" - -# -# PidFile: The file in which the server should record its process -# identification number when it starts. Note the PIDFILE variable in -# /etc/sysconfig/httpd must be set appropriately if this location is -# changed. -# -PidFile run/httpd.pid - -# -# Timeout: The number of seconds before receives and sends time out. -# -Timeout 60 - -# -# KeepAlive: Whether or not to allow persistent connections (more than -# one request per connection). Set to "Off" to deactivate. -# -KeepAlive Off - -# -# MaxKeepAliveRequests: The maximum number of requests to allow -# during a persistent connection. Set to 0 to allow an unlimited amount. -# We recommend you leave this number high, for maximum performance. -# -MaxKeepAliveRequests 100 - -# -# KeepAliveTimeout: Number of seconds to wait for the next request from the -# same client on the same connection. -# -KeepAliveTimeout 15 - -## -## Server-Pool Size Regulation (MPM specific) -## - -# prefork MPM -# StartServers: number of server processes to start -# MinSpareServers: minimum number of server processes which are kept spare -# MaxSpareServers: maximum number of server processes which are kept spare -# ServerLimit: maximum value for MaxClients for the lifetime of the server -# MaxClients: maximum number of server processes allowed to start -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule prefork.c> -StartServers 8 -MinSpareServers 5 -MaxSpareServers 20 -ServerLimit 256 -MaxClients 256 -MaxRequestsPerChild 4000 -</IfModule> - -# worker MPM -# StartServers: initial number of server processes to start -# MaxClients: maximum number of simultaneous client connections -# MinSpareThreads: minimum number of worker threads which are kept spare -# MaxSpareThreads: maximum number of worker threads which are kept spare -# ThreadsPerChild: constant number of worker threads in each server process -# MaxRequestsPerChild: maximum number of requests a server process serves -<IfModule worker.c> -StartServers 4 -MaxClients 300 -MinSpareThreads 25 -MaxSpareThreads 75 -ThreadsPerChild 25 -MaxRequestsPerChild 0 -</IfModule> - -# -# Listen: Allows you to bind Apache to specific IP addresses and/or -# ports, in addition to the default. See also the <VirtualHost> -# directive. -# -# Change this to Listen on specific IP addresses as shown below to -# prevent Apache from glomming onto all bound IP addresses (0.0.0.0) -# -#Listen 12.34.56.78:80 -#Listen 80 -Listen <%=apache_port rescue "80"%> - -# -# Dynamic Shared Object (DSO) Support -# -# To be able to use the functionality of a module which was built as a DSO you -# have to place corresponding `LoadModule' lines at this location so the -# directives contained in it are actually available _before_ they are used. -# Statically compiled modules (those listed by `httpd -l') do not need -# to be loaded here. -# -# Example: -# LoadModule foo_module modules/mod_foo.so -# -LoadModule auth_basic_module modules/mod_auth_basic.so -LoadModule auth_digest_module modules/mod_auth_digest.so -LoadModule authn_file_module modules/mod_authn_file.so -LoadModule authn_alias_module modules/mod_authn_alias.so -LoadModule authn_anon_module modules/mod_authn_anon.so -LoadModule authn_dbm_module modules/mod_authn_dbm.so -LoadModule authn_default_module modules/mod_authn_default.so -LoadModule authz_host_module modules/mod_authz_host.so -LoadModule authz_user_module modules/mod_authz_user.so -LoadModule authz_owner_module modules/mod_authz_owner.so -LoadModule authz_groupfile_module modules/mod_authz_groupfile.so -LoadModule authz_dbm_module modules/mod_authz_dbm.so -LoadModule authz_default_module modules/mod_authz_default.so -LoadModule ldap_module modules/mod_ldap.so -LoadModule authnz_ldap_module modules/mod_authnz_ldap.so -LoadModule include_module modules/mod_include.so -LoadModule log_config_module modules/mod_log_config.so -LoadModule logio_module modules/mod_logio.so -LoadModule env_module modules/mod_env.so -LoadModule ext_filter_module modules/mod_ext_filter.so -LoadModule mime_magic_module modules/mod_mime_magic.so -LoadModule expires_module modules/mod_expires.so -LoadModule deflate_module modules/mod_deflate.so -LoadModule headers_module modules/mod_headers.so -LoadModule usertrack_module modules/mod_usertrack.so -LoadModule setenvif_module modules/mod_setenvif.so -LoadModule mime_module modules/mod_mime.so -LoadModule dav_module modules/mod_dav.so -LoadModule status_module modules/mod_status.so -LoadModule autoindex_module modules/mod_autoindex.so -LoadModule info_module modules/mod_info.so -LoadModule dav_fs_module modules/mod_dav_fs.so -LoadModule vhost_alias_module modules/mod_vhost_alias.so -LoadModule negotiation_module modules/mod_negotiation.so -LoadModule dir_module modules/mod_dir.so -LoadModule actions_module modules/mod_actions.so -LoadModule speling_module modules/mod_speling.so -LoadModule userdir_module modules/mod_userdir.so -LoadModule alias_module modules/mod_alias.so -LoadModule substitute_module modules/mod_substitute.so -LoadModule rewrite_module modules/mod_rewrite.so -LoadModule proxy_module modules/mod_proxy.so -LoadModule proxy_balancer_module modules/mod_proxy_balancer.so -LoadModule proxy_ftp_module modules/mod_proxy_ftp.so -LoadModule proxy_http_module modules/mod_proxy_http.so -LoadModule proxy_ajp_module modules/mod_proxy_ajp.so -LoadModule proxy_connect_module modules/mod_proxy_connect.so -LoadModule cache_module modules/mod_cache.so -LoadModule suexec_module modules/mod_suexec.so -LoadModule disk_cache_module modules/mod_disk_cache.so -LoadModule cgi_module modules/mod_cgi.so -LoadModule version_module modules/mod_version.so - -# -# The following modules are not loaded by default: -# -#LoadModule asis_module modules/mod_asis.so -#LoadModule authn_dbd_module modules/mod_authn_dbd.so -#LoadModule cern_meta_module modules/mod_cern_meta.so -#LoadModule cgid_module modules/mod_cgid.so -#LoadModule dbd_module modules/mod_dbd.so -#LoadModule dumpio_module modules/mod_dumpio.so -#LoadModule filter_module modules/mod_filter.so -#LoadModule ident_module modules/mod_ident.so -#LoadModule log_forensic_module modules/mod_log_forensic.so -#LoadModule unique_id_module modules/mod_unique_id.so -# - -# -# Load config files from the config directory "/etc/httpd/conf.d". -# -Include conf.d/*.conf - -# -# ExtendedStatus controls whether Apache will generate "full" status -# information (ExtendedStatus On) or just basic information (ExtendedStatus -# Off) when the "server-status" handler is called. The default is Off. -# -#ExtendedStatus On - -# -# If you wish httpd to run as a different user or group, you must run -# httpd as root initially and it will switch. -# -# User/Group: The name (or #number) of the user/group to run httpd as. -# . On SCO (ODT 3) use "User nouser" and "Group nogroup". -# . On HPUX you may not be able to use shared memory as nobody, and the -# suggested workaround is to create a user www and use that user. -# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) -# when the value of (unsigned)Group is above 60000; -# don't use Group #-1 on these systems! -# -User apache -Group apache - -### Section 2: 'Main' server configuration -# -# The directives in this section set up the values used by the 'main' -# server, which responds to any requests that aren't handled by a -# <VirtualHost> definition. These values also provide defaults for -# any <VirtualHost> containers you may define later in the file. -# -# All of these directives may appear inside <VirtualHost> containers, -# in which case these default settings will be overridden for the -# virtual host being defined. -# - -# -# ServerAdmin: Your address, where problems with the server should be -# e-mailed. This address appears on some server-generated pages, such -# as error documents. e.g. admin(a)your-domain.com -# -ServerAdmin root@localhost - -# -# ServerName gives the name and port that the server uses to identify itself. -# This can often be determined automatically, but we recommend you specify -# it explicitly to prevent problems during startup. -# -# If this is not set to valid DNS name for your host, server-generated -# redirections will not work. See also the UseCanonicalName directive. -# -# If your host doesn't have a registered DNS name, enter its IP address here. -# You will have to access it by its address anyway, and this will make -# redirections work in a sensible way. -# -#ServerName www.example.com:80 - -# -# UseCanonicalName: Determines how Apache constructs self-referencing -# URLs and the SERVER_NAME and SERVER_PORT variables. -# When set "Off", Apache will use the Hostname and Port supplied -# by the client. When set "On", Apache will use the value of the -# ServerName directive. -# -UseCanonicalName Off - -# -# DocumentRoot: The directory out of which you will serve your -# documents. By default, all requests are taken from this directory, but -# symbolic links and aliases may be used to point to other locations. -# -DocumentRoot "/var/www/html" - -# -# Each directory to which Apache has access can be configured with respect -# to which services and features are allowed and/or disabled in that -# directory (and its subdirectories). -# -# First, we configure the "default" to be a very restrictive set of -# features. -# -<Directory /> - Options FollowSymLinks - AllowOverride None -</Directory> - -# -# Note that from this point forward you must specifically allow -# particular features to be enabled - so if something's not working as -# you might expect, make sure that you have specifically enabled it -# below. -# - -# -# This should be changed to whatever you set DocumentRoot to. -# -<Directory "/var/www/html"> - -# -# Possible values for the Options directive are "None", "All", -# or any combination of: -# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews -# -# Note that "MultiViews" must be named *explicitly* --- "Options All" -# doesn't give it to you. -# -# The Options directive is both complicated and important. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#options -# for more information. -# - Options Indexes FollowSymLinks - -# -# AllowOverride controls what directives may be placed in .htaccess files. -# It can be "All", "None", or any combination of the keywords: -# Options FileInfo AuthConfig Limit -# - AllowOverride None - -# -# Controls who can get stuff from this server. -# - Order allow,deny - Allow from all - -</Directory> - -# -# UserDir: The name of the directory that is appended onto a user's home -# directory if a ~user request is received. -# -# The path to the end user account 'public_html' directory must be -# accessible to the webserver userid. This usually means that ~userid -# must have permissions of 711, ~userid/public_html must have permissions -# of 755, and documents contained therein must be world-readable. -# Otherwise, the client will only receive a "403 Forbidden" message. -# -# See also: http://httpd.apache.org/docs/misc/FAQ.html#forbidden -# -<IfModule mod_userdir.c> - # - # UserDir is disabled by default since it can confirm the presence - # of a username on the system (depending on home directory - # permissions). - # - UserDir disabled - - # - # To enable requests to /~user/ to serve the user's public_html - # directory, remove the "UserDir disabled" line above, and uncomment - # the following line instead: - # - #UserDir public_html - -</IfModule> - -# -# Control access to UserDir directories. The following is an example -# for a site where these directories are restricted to read-only. -# -#<Directory /home/*/public_html> -# AllowOverride FileInfo AuthConfig Limit -# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec -# <Limit GET POST OPTIONS> -# Order allow,deny -# Allow from all -# </Limit> -# <LimitExcept GET POST OPTIONS> -# Order deny,allow -# Deny from all -# </LimitExcept> -#</Directory> - -# -# DirectoryIndex: sets the file that Apache will serve if a directory -# is requested. -# -# The index.html.var file (a type-map) is used to deliver content- -# negotiated documents. The MultiViews Option can be used for the -# same purpose, but it is much slower. -# -DirectoryIndex index.html index.html.var - -# -# AccessFileName: The name of the file to look for in each directory -# for additional configuration directives. See also the AllowOverride -# directive. -# -AccessFileName .htaccess - -# -# The following lines prevent .htaccess and .htpasswd files from being -# viewed by Web clients. -# -<Files ~ "^\.ht"> - Order allow,deny - Deny from all - Satisfy All -</Files> - -# -# TypesConfig describes where the mime.types file (or equivalent) is -# to be found. -# -TypesConfig /etc/mime.types - -# -# DefaultType is the default MIME type the server will use for a document -# if it cannot otherwise determine one, such as from filename extensions. -# If your server contains mostly text or HTML documents, "text/plain" is -# a good value. If most of your content is binary, such as applications -# or images, you may want to use "application/octet-stream" instead to -# keep browsers from trying to display binary files as though they are -# text. -# -DefaultType text/plain - -# -# The mod_mime_magic module allows the server to use various hints from the -# contents of the file itself to determine its type. The MIMEMagicFile -# directive tells the module where the hint definitions are located. -# -<IfModule mod_mime_magic.c> -# MIMEMagicFile /usr/share/magic.mime - MIMEMagicFile conf/magic -</IfModule> - -# -# HostnameLookups: Log the names of clients or just their IP addresses -# e.g., www.apache.org (on) or 204.62.129.132 (off). -# The default is off because it'd be overall better for the net if people -# had to knowingly turn this feature on, since enabling it means that -# each client request will result in AT LEAST one lookup request to the -# nameserver. -# -HostnameLookups Off - -# -# EnableMMAP: Control whether memory-mapping is used to deliver -# files (assuming that the underlying OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. On some systems, turning it off (regardless of -# filesystem) can improve performance; for details, please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablemmap -# -#EnableMMAP off - -# -# EnableSendfile: Control whether the sendfile kernel support is -# used to deliver files (assuming that the OS supports it). -# The default is on; turn this off if you serve from NFS-mounted -# filesystems. Please see -# http://httpd.apache.org/docs/2.2/mod/core.html#enablesendfile -# -#EnableSendfile off - -# -# ErrorLog: The location of the error log file. -# If you do not specify an ErrorLog directive within a <VirtualHost> -# container, error messages relating to that virtual host will be -# logged here. If you *do* define an error logfile for a <VirtualHost> -# container, that host's errors will be logged there and not here. -# -ErrorLog logs/error_log - -# -# LogLevel: Control the number of messages logged to the error_log. -# Possible values include: debug, info, notice, warn, error, crit, -# alert, emerg. -# -LogLevel warn - -# -# The following directives define some format nicknames for use with -# a CustomLog directive (see below). -# -LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined -LogFormat "%h %l %u %t \"%r\" %>s %b" common -LogFormat "%{Referer}i -> %U" referer -LogFormat "%{User-agent}i" agent - -# "combinedio" includes actual counts of actual bytes received (%I) and sent (%O); this -# requires the mod_logio module to be loaded. -#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio - -# -# The location and format of the access logfile (Common Logfile Format). -# If you do not define any access logfiles within a <VirtualHost> -# container, they will be logged here. Contrariwise, if you *do* -# define per-<VirtualHost> access logfiles, transactions will be -# logged therein and *not* in this file. -# -#CustomLog logs/access_log common - -# -# If you would like to have separate agent and referer logfiles, uncomment -# the following directives. -# -#CustomLog logs/referer_log referer -#CustomLog logs/agent_log agent - -# -# For a single logfile with access, agent, and referer information -# (Combined Logfile Format), use the following directive: -# -CustomLog logs/access_log combined - -# -# Optionally add a line containing the server version and virtual host -# name to server-generated pages (internal error documents, FTP directory -# listings, mod_status and mod_info output etc., but not CGI generated -# documents or custom error documents). -# Set to "EMail" to also include a mailto: link to the ServerAdmin. -# Set to one of: On | Off | EMail -# -ServerSignature On - -# -# Aliases: Add here as many aliases as you need (with no limit). The format is -# Alias fakename realname -# -# Note that if you include a trailing / on fakename then the server will -# require it to be present in the URL. So "/icons" isn't aliased in this -# example, only "/icons/". If the fakename is slash-terminated, then the -# realname must also be slash terminated, and if the fakename omits the -# trailing slash, the realname must also omit it. -# -# We include the /icons/ alias for FancyIndexed directory listings. If you -# do not use FancyIndexing, you may comment this out. -# -Alias /icons/ "/var/www/icons/" - -<Directory "/var/www/icons"> - Options Indexes MultiViews FollowSymLinks - AllowOverride None - Order allow,deny - Allow from all -</Directory> - -# -# WebDAV module configuration section. -# -<IfModule mod_dav_fs.c> - # Location of the WebDAV lock database. - DAVLockDB /var/lib/dav/lockdb -</IfModule> - -# -# ScriptAlias: This controls which directories contain server scripts. -# ScriptAliases are essentially the same as Aliases, except that -# documents in the realname directory are treated as applications and -# run by the server when requested rather than as documents sent to the client. -# The same rules about trailing "/" apply to ScriptAlias directives as to -# Alias. -# -ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" - -# -# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased -# CGI directory exists, if you have that configured. -# -<Directory "/var/www/cgi-bin"> - AllowOverride None - Options None - Order allow,deny - Allow from all -</Directory> - -# -# Redirect allows you to tell clients about documents which used to exist in -# your server's namespace, but do not anymore. This allows you to tell the -# clients where to look for the relocated document. -# Example: -# Redirect permanent /foo http://www.example.com/bar - -# -# Directives controlling the display of server-generated directory listings. -# - -# -# IndexOptions: Controls the appearance of server-generated directory -# listings. -# -IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable Charset=UTF-8 - -# -# AddIcon* directives tell the server which icon to show for different -# files or filename extensions. These are only displayed for -# FancyIndexed directories. -# -AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip - -AddIconByType (TXT,/icons/text.gif) text/* -AddIconByType (IMG,/icons/image2.gif) image/* -AddIconByType (SND,/icons/sound2.gif) audio/* -AddIconByType (VID,/icons/movie.gif) video/* - -AddIcon /icons/binary.gif .bin .exe -AddIcon /icons/binhex.gif .hqx -AddIcon /icons/tar.gif .tar -AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv -AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip -AddIcon /icons/a.gif .ps .ai .eps -AddIcon /icons/layout.gif .html .shtml .htm .pdf -AddIcon /icons/text.gif .txt -AddIcon /icons/c.gif .c -AddIcon /icons/p.gif .pl .py -AddIcon /icons/f.gif .for -AddIcon /icons/dvi.gif .dvi -AddIcon /icons/uuencoded.gif .uu -AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl -AddIcon /icons/tex.gif .tex -AddIcon /icons/bomb.gif core - -AddIcon /icons/back.gif .. -AddIcon /icons/hand.right.gif README -AddIcon /icons/folder.gif ^^DIRECTORY^^ -AddIcon /icons/blank.gif ^^BLANKICON^^ - -# -# DefaultIcon is which icon to show for files which do not have an icon -# explicitly set. -# -DefaultIcon /icons/unknown.gif - -# -# AddDescription allows you to place a short description after a file in -# server-generated indexes. These are only displayed for FancyIndexed -# directories. -# Format: AddDescription "description" filename -# -#AddDescription "GZIP compressed document" .gz -#AddDescription "tar archive" .tar -#AddDescription "GZIP compressed tar archive" .tgz - -# -# ReadmeName is the name of the README file the server will look for by -# default, and append to directory listings. -# -# HeaderName is the name of a file which should be prepended to -# directory indexes. -ReadmeName README.html -HeaderName HEADER.html - -# -# IndexIgnore is a set of filenames which directory indexing should ignore -# and not include in the listing. Shell-style wildcarding is permitted. -# -IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t - -# -# DefaultLanguage and AddLanguage allows you to specify the language of -# a document. You can then use content negotiation to give a browser a -# file in a language the user can understand. -# -# Specify a default language. This means that all data -# going out without a specific language tag (see below) will -# be marked with this one. You probably do NOT want to set -# this unless you are sure it is correct for all cases. -# -# * It is generally better to not mark a page as -# * being a certain language than marking it with the wrong -# * language! -# -# DefaultLanguage nl -# -# Note 1: The suffix does not have to be the same as the language -# keyword --- those with documents in Polish (whose net-standard -# language code is pl) may wish to use "AddLanguage pl .po" to -# avoid the ambiguity with the common suffix for perl scripts. -# -# Note 2: The example entries below illustrate that in some cases -# the two character 'Language' abbreviation is not identical to -# the two character 'Country' code for its country, -# E.g. 'Danmark/dk' versus 'Danish/da'. -# -# Note 3: In the case of 'ltz' we violate the RFC by using a three char -# specifier. There is 'work in progress' to fix this and get -# the reference data for rfc1766 cleaned up. -# -# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl) -# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de) -# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja) -# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn) -# Norwegian (no) - Polish (pl) - Portugese (pt) -# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv) -# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW) -# -AddLanguage ca .ca -AddLanguage cs .cz .cs -AddLanguage da .dk -AddLanguage de .de -AddLanguage el .el -AddLanguage en .en -AddLanguage eo .eo -AddLanguage es .es -AddLanguage et .et -AddLanguage fr .fr -AddLanguage he .he -AddLanguage hr .hr -AddLanguage it .it -AddLanguage ja .ja -AddLanguage ko .ko -AddLanguage ltz .ltz -AddLanguage nl .nl -AddLanguage nn .nn -AddLanguage no .no -AddLanguage pl .po -AddLanguage pt .pt -AddLanguage pt-BR .pt-br -AddLanguage ru .ru -AddLanguage sv .sv -AddLanguage zh-CN .zh-cn -AddLanguage zh-TW .zh-tw - -# -# LanguagePriority allows you to give precedence to some languages -# in case of a tie during content negotiation. -# -# Just list the languages in decreasing order of preference. We have -# more or less alphabetized them here. You probably want to change this. -# -LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW - -# -# ForceLanguagePriority allows you to serve a result page rather than -# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback) -# [in case no accepted languages matched the available variants] -# -ForceLanguagePriority Prefer Fallback - -# -# Specify a default charset for all content served; this enables -# interpretation of all content as UTF-8 by default. To use the -# default browser choice (ISO-8859-1), or to allow the META tags -# in HTML content to override this choice, comment out this -# directive: -# -AddDefaultCharset UTF-8 - -# -# AddType allows you to add to or override the MIME configuration -# file mime.types for specific file types. -# -#AddType application/x-tar .tgz - -# -# AddEncoding allows you to have certain browsers uncompress -# information on the fly. Note: Not all browsers support this. -# Despite the name similarity, the following Add* directives have nothing -# to do with the FancyIndexing customization directives above. -# -#AddEncoding x-compress .Z -#AddEncoding x-gzip .gz .tgz - -# If the AddEncoding directives above are commented-out, then you -# probably should define those extensions to indicate media types: -# -AddType application/x-compress .Z -AddType application/x-gzip .gz .tgz - -# -# MIME-types for downloading Certificates and CRLs -# -AddType application/x-x509-ca-cert .crt -AddType application/x-pkcs7-crl .crl - -# -# AddHandler allows you to map certain file extensions to "handlers": -# actions unrelated to filetype. These can be either built into the server -# or added with the Action directive (see below) -# -# To use CGI scripts outside of ScriptAliased directories: -# (You will also need to add "ExecCGI" to the "Options" directive.) -# -#AddHandler cgi-script .cgi - -# -# For files that include their own HTTP headers: -# -#AddHandler send-as-is asis - -# -# For type maps (negotiated resources): -# (This is enabled by default to allow the Apache "It Worked" page -# to be distributed in multiple languages.) -# -AddHandler type-map var - -# -# Filters allow you to process content before it is sent to the client. -# -# To parse .shtml files for server-side includes (SSI): -# (You will also need to add "Includes" to the "Options" directive.) -# -AddType text/html .shtml -AddOutputFilter INCLUDES .shtml - -# -# Action lets you define media types that will execute a script whenever -# a matching file is called. This eliminates the need for repeated URL -# pathnames for oft-used CGI file processors. -# Format: Action media/type /cgi-script/location -# Format: Action handler-name /cgi-script/location -# - -# -# Customizable error responses come in three flavors: -# 1) plain text 2) local redirects 3) external redirects -# -# Some examples: -#ErrorDocument 500 "The server made a boo boo." -#ErrorDocument 404 /missing.html -#ErrorDocument 404 "/cgi-bin/missing_handler.pl" -#ErrorDocument 402 http://www.example.com/subscription_info.html -# - -# -# Putting this all together, we can internationalize error responses. -# -# We use Alias to redirect any /error/HTTP_<error>.html.var response to -# our collection of by-error message multi-language collections. We use -# includes to substitute the appropriate text. -# -# You can modify the messages' appearance without changing any of the -# default HTTP_<error>.html.var files by adding the line: -# -# Alias /error/include/ "/your/include/path/" -# -# which allows you to create your own set of files by starting with the -# /var/www/error/include/ files and -# copying them to /your/include/path/, even on a per-VirtualHost basis. -# - -Alias /error/ "/var/www/error/" - -<IfModule mod_negotiation.c> -<IfModule mod_include.c> - <Directory "/var/www/error"> - AllowOverride None - Options IncludesNoExec - AddOutputFilter Includes html - AddHandler type-map var - Order allow,deny - Allow from all - LanguagePriority en es de fr - ForceLanguagePriority Prefer Fallback - </Directory> - -# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var -# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var -# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var -# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var -# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var -# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var -# ErrorDocument 410 /error/HTTP_GONE.html.var -# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var -# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var -# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var -# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var -# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var -# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var -# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var -# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var -# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var -# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var - -</IfModule> -</IfModule> - -# -# The following directives modify normal HTTP response behavior to -# handle known problems with browser implementations. -# -BrowserMatch "Mozilla/2" nokeepalive -BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 -BrowserMatch "RealPlayer 4\.0" force-response-1.0 -BrowserMatch "Java/1\.0" force-response-1.0 -BrowserMatch "JDK/1\.0" force-response-1.0 - -# -# The following directive disables redirects on non-GET requests for -# a directory that does not include the trailing slash. This fixes a -# problem with Microsoft WebFolders which does not appropriately handle -# redirects for folders with DAV methods. -# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV. -# -BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully -BrowserMatch "MS FrontPage" redirect-carefully -BrowserMatch "^WebDrive" redirect-carefully -BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully -BrowserMatch "^gnome-vfs/1.0" redirect-carefully -BrowserMatch "^XML Spy" redirect-carefully -BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully - -# -# Allow server status reports generated by mod_status, -# with the URL of http://servername/server-status -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-status> -# SetHandler server-status -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - -# -# Allow remote server configuration reports, with the URL of -# http://servername/server-info (requires that mod_info.c be loaded). -# Change the ".example.com" to match your domain to enable. -# -#<Location /server-info> -# SetHandler server-info -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Location> - -# -# Proxy Server directives. Uncomment the following lines to -# enable the proxy server: -# -#<IfModule mod_proxy.c> -#ProxyRequests On -# -#<Proxy *> -# Order deny,allow -# Deny from all -# Allow from .example.com -#</Proxy> - -# -# Enable/disable the handling of HTTP/1.1 "Via:" headers. -# ("Full" adds the server version; "Block" removes all outgoing Via: headers) -# Set to one of: Off | On | Full | Block -# -#ProxyVia On - -# -# To enable a cache of proxied content, uncomment the following lines. -# See http://httpd.apache.org/docs/2.2/mod/mod_cache.html for more details. -# -#<IfModule mod_disk_cache.c> -# CacheEnable disk / -# CacheRoot "/var/cache/mod_proxy" -#</IfModule> -# - -#</IfModule> -# End of proxy directives. - -### Section 3: Virtual Hosts -# -# VirtualHost: If you want to maintain multiple domains/hostnames on your -# machine you can setup VirtualHost containers for them. Most configurations -# use only name-based virtual hosts so the server doesn't need to worry about -# IP addresses. This is indicated by the asterisks in the directives below. -# -# Please see the documentation at -# <URL:http://httpd.apache.org/docs/2.2/vhosts/> -# for further details before you try to setup virtual hosts. -# -# You may use the command line option '-S' to verify your virtual host -# configuration. - -# -# Use name-based virtual hosting. -# -#NameVirtualHost *:80 -# -# NOTE: NameVirtualHost cannot be used without a port specifier -# (e.g. :80) if mod_ssl is being used, due to the nature of the -# SSL protocol. -# - -# -# VirtualHost example: -# Almost any Apache directive may go into a VirtualHost container. -# The first VirtualHost section is used for requests without a known -# server name. -# -#<VirtualHost *:80> -# ServerAdmin webmaster(a)dummy-host.example.com -# DocumentRoot /www/docs/dummy-host.example.com -# ServerName dummy-host.example.com -# ErrorLog logs/dummy-host.example.com-error_log -# CustomLog logs/dummy-host.example.com-access_log common -#</VirtualHost> diff --git a/audrey_puppet/modules/apache2/templates/vhost.conf b/audrey_puppet/modules/apache2/templates/vhost.conf deleted file mode 100644 index 728a8d4..0000000 --- a/audrey_puppet/modules/apache2/templates/vhost.conf +++ /dev/null @@ -1,21 +0,0 @@ -<VirtualHost *> -ServerAdmin <%= admin %> -DocumentRoot <%= docroot %> -ServerName <%= name %> - -<% aliases.each do |al| -%> -ServerAlias <%= al %> -<% end -%> -<% if rails -%> -Railsautodetect on -<% end -%> -<% if conf -%> -Include <%= confroot %>/*.conf -<% end -%> - -LogLevel warn -ServerSignature Off -ErrorLog <%= logroot %>/error.log -CustomLog <%= logroot %>/access.log combined - -</VirtualHost> diff --git a/audrey_puppet/modules/ssh/manifests/client.pp b/audrey_puppet/modules/ssh/manifests/client.pp deleted file mode 100644 index 26a03fd..0000000 --- a/audrey_puppet/modules/ssh/manifests/client.pp +++ /dev/null @@ -1,10 +0,0 @@ -class ssh::client { - include ssh::common - - package { "openssh-client": - name => $operatingsystem ? { - Ubuntu => "openssh-client", - default => "openssh-clients", - }, - } -} diff --git a/audrey_puppet/modules/ssh/manifests/init.pp b/audrey_puppet/modules/ssh/manifests/init.pp deleted file mode 100644 index 278c76d..0000000 --- a/audrey_puppet/modules/ssh/manifests/init.pp +++ /dev/null @@ -1,5 +0,0 @@ -class ssh::common { - file { "/etc/ssh": - ensure => directory, mode => 0755 - } -} diff --git a/audrey_puppet/modules/ssh/manifests/server.pp b/audrey_puppet/modules/ssh/manifests/server.pp deleted file mode 100644 index 240a6f7..0000000 --- a/audrey_puppet/modules/ssh/manifests/server.pp +++ /dev/null @@ -1,7 +0,0 @@ -class ssh::server { - include ssh::server::user - include ssh::server::install - include ssh::server::config - include ssh::server::service - include ssh::server::keys -} diff --git a/audrey_puppet/modules/ssh/manifests/server/config.pp b/audrey_puppet/modules/ssh/manifests/server/config.pp deleted file mode 100644 index 593d622..0000000 --- a/audrey_puppet/modules/ssh/manifests/server/config.pp +++ /dev/null @@ -1,5 +0,0 @@ -class ssh::server::config { - file{"/etc/ssh/sshd_config": - content => template("ssh/sshd_config.erb") - } -} diff --git a/audrey_puppet/modules/ssh/manifests/server/install.pp b/audrey_puppet/modules/ssh/manifests/server/install.pp deleted file mode 100644 index 7766abf..0000000 --- a/audrey_puppet/modules/ssh/manifests/server/install.pp +++ /dev/null @@ -1,5 +0,0 @@ -class ssh::server::install { - package { "openssh-server": - require => Class["ssh::server::user"], - } -} diff --git a/audrey_puppet/modules/ssh/manifests/server/keys.pp b/audrey_puppet/modules/ssh/manifests/server/keys.pp deleted file mode 100644 index b45f749..0000000 --- a/audrey_puppet/modules/ssh/manifests/server/keys.pp +++ /dev/null @@ -1,10 +0,0 @@ -class ssh::server::keys { - file { - "/root/.ssh": - ensure => directory, mode => 700; - "/root/.ssh/authorized_keys": -# source => ["$fileserver/users/.ssh/authorized_keys.$fqdn", -# "$fileserver/users/.ssh/authorized_keys"], - mode => 0400 - } -} diff --git a/audrey_puppet/modules/ssh/manifests/server/service.pp b/audrey_puppet/modules/ssh/manifests/server/service.pp deleted file mode 100644 index 64434e9..0000000 --- a/audrey_puppet/modules/ssh/manifests/server/service.pp +++ /dev/null @@ -1,6 +0,0 @@ -class ssh::server::service { - service { "sshd": - require => Class["ssh::server::install"], - subscribe => Class["ssh::server::config","ssh::server::user"], - } -} diff --git a/audrey_puppet/modules/ssh/manifests/server/user.pp b/audrey_puppet/modules/ssh/manifests/server/user.pp deleted file mode 100644 index ea88709..0000000 --- a/audrey_puppet/modules/ssh/manifests/server/user.pp +++ /dev/null @@ -1,14 +0,0 @@ -class ssh::server::user { - - user { "sshd": - home => $operatingsystem ? { - default => "/var/empty/sshd", - "Ubuntu" => "/var/run/sshd" - }, - shell => $operatingsystem ? { - default => "/sbin/nologin", - "Ubuntu" => "/usr/sbin/nologin" - }, - allowdupe => false, - } -} diff --git a/audrey_puppet/modules/ssh/templates/sshd_config.erb b/audrey_puppet/modules/ssh/templates/sshd_config.erb deleted file mode 100644 index 65077ac..0000000 --- a/audrey_puppet/modules/ssh/templates/sshd_config.erb +++ /dev/null @@ -1,124 +0,0 @@ -Port <%= has_variable?("ssh_port") ? ssh_port : "22" %> -<%# ssh_port rescue "22" -%> -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# The default requires explicit activation of protocol 1 -#Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -SyslogFacility AUTHPRIV -#LogLevel INFO - -# Authentication: - -#LoginGraceTime 2m -#PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -#RSAAuthentication yes -#PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys -#PubkeyAgent none -#PubkeyAgentRunAs nobody - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -#IgnoreUserKnownHosts no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes -#PermitEmptyPasswords no -PasswordAuthentication yes - -# Change to no to disable s/key passwords -#ChallengeResponseAuthentication yes -ChallengeResponseAuthentication no - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -GSSAPIAuthentication yes -#GSSAPICleanupCredentials yes -GSSAPICleanupCredentials yes -#GSSAPIStrictAcceptorCheck yes -#GSSAPIKeyExchange no - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -#UsePAM no -UsePAM yes - -# Accept locale-related environment variables -AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE -AcceptEnv XMODIFIERS - -#AllowAgentForwarding yes -#AllowTcpForwarding yes -#GatewayPorts no -#X11Forwarding no -X11Forwarding yes -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#ShowPatchLevel no -#UseDNS yes -#PidFile /var/run/sshd.pid -#MaxStartups 10 -#PermitTunnel no -#ChrootDirectory none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/libexec/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server diff --git a/audrey_puppet/node b/audrey_puppet/node deleted file mode 100755 index b169381..0000000 --- a/audrey_puppet/node +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/sh - -BASEDIR=$(dirname $0) - -CAT=/bin/cat -NODES_DIR="${BASEDIR}/nodes" - -# look for node setting files, or revert to default -[ -f ${NODES_DIR}/$1 ] && NODE=$1 || NODE=default - -$CAT $NODES_DIR/$NODE diff --git a/audrey_puppet/nodes/default b/audrey_puppet/nodes/default deleted file mode 100644 index 158a637..0000000 --- a/audrey_puppet/nodes/default +++ /dev/null @@ -1,5 +0,0 @@ ---- -parameters: - #ssh_port: 22 -classes: -- ssh::client diff --git a/audrey_puppet/nodes/imagebuilder.tlv.redhat.com b/audrey_puppet/nodes/imagebuilder.tlv.redhat.com deleted file mode 100644 index cbdaccd..0000000 --- a/audrey_puppet/nodes/imagebuilder.tlv.redhat.com +++ /dev/null @@ -1,5 +0,0 @@ ---- -parameters: - ssh_port: 822 -classes: -- ssh::server diff --git a/audrey_puppet/run b/audrey_puppet/run deleted file mode 100755 index a08eb5e..0000000 --- a/audrey_puppet/run +++ /dev/null @@ -1,4 +0,0 @@ -#! /bin/sh - -echo | puppet --verbose --manifest manifests/defaults.pp --modulepath modules \ - --external_nodes `pwd`/node --node_terminus exec --no-report -- 1.7.7.3