lapp-shop dev02 initial
authorAndreas Gerstenberg <gerstenberg@pixelpark.com>
Thu, 2 Aug 2018 07:13:18 +0000 (09:13 +0200)
committerAndreas Gerstenberg <gerstenberg@pixelpark.com>
Thu, 2 Aug 2018 07:13:18 +0000 (09:13 +0200)
customer/lapp-shop/dev02-www-lapp-de.pixelpark.net.yaml

index ed97d539c095cf1413af30cc23dea272095b97dd..b40588483598b5bdec1ee518c024879557e8a603 100644 (file)
@@ -1 +1,166 @@
 ---
+infra::additional_classes:
+  - infra::profile::apache
+  - infra::profile::mysql_server
+  - apache::mod::proxy_http
+  - java
+
+java::package: java-1.8.0-oraclejdk
+
+# Achtung! in der Datei /etc/yum.conf muss folgender Eintrag geändert werden
+# BEVOR das mysql57 aktiviert/installiert werden kann!
+# von: exclude=mysql-community*
+# nach: exclude=mariadb*
+
+# repo::ol7_mysql57: true
+infra::additional_files:
+  mysql57_repo:
+    path: '/etc/yum.repos.d/mysql57.repo'
+    owner: 'root'
+    group: 'root'
+    mode: '0644'
+    content: |
+      [mysql57]
+      name=MySQL 5.7 for Oracle Linux 7 ($basearch)
+      baseurl=https://repo.pixelpark.com/Linux/yum/OracleLinux/OL7/MySQL57/community/$basearch/
+      enabled=1
+      gpgcheck=1
+      gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
+
+# abweichende Namen müssen den Defaults überschrieben werden
+mysql::server::package_name: mysql-community-server
+mysql::client::package_name: mysql-community-client
+mysql::server::service_name: 'mysqld'
+
+# abweichende File müssen in der /etc/my.cnf.d/server.cnf überschrieben werden
+mysql::server::override_options:
+  'mysqld':
+    log-error: '/var/log/mysqld.log'
+    pid-file: '/var/run/mysqld/mysqld.pid'
+
+accounts::users:
+  hybris:
+    uid: 61000
+    group: hybris
+    shell: "bash"
+    apply: true
+    comment: "Hybris User"
+    keys:
+      detlef.gaisser:
+        key: "AAAAB3NzaC1yc2EAAAADAQABAAABAQDlULtDnNWDd3RoeMdsQN9BJnT1sCeFIqP0QvXgDV/65HXx5u6GFo9wtOqCN+RJBtgdMTitz1YIslJxv5MeCFKEkcxRW5Uj29uWqvoij9ZCnLUtFmqiEt2PyjPWda6TXnQPNYprVoeP/wZTq8priWDxAUaiNGFkaNFL/KAjeQe35+9YrdkEXYyn1PKB1yHM4DcTwFoQcSCgo0vSOZKcqxV/8CW9XxHoBMDWOvtgXebHRu2lqrK0ToF/lShXIa/oq7GvwrKDJlrVGOPhPcW/sacGdMZ2sSmhFWb6ndCnPM9jnw/4sj4NOJwh6j8zpSaX8Kfh62zy38GlLz9mhHFS3oEd"
+  detlef.gaisser:
+    apply: true
+    sudo: true
+
+mysql::server::root_password: ENC[PKCS7,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]
+mysql::server::backup::backuppassword: ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoIIBejCCAXYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAoLp+jzd0DKdbuAhx/sAOwTLfcgRWCZvETROU7k40M8/ZXyJtlQKvwoZIKXuYnjkoEGTXzFhJfNNsfU6kH04aDdzPIyd+eIjvPLIMJQ4hFcA9hZ0MpLT4zGY/FZ/5gyxrhQKhfFJuaAhugrL+irY4cxyyY/98o2ieNq1moBGns4XMbK9Io5JFupEmctNNi5dpKmIX1Whqrz/TxzjInJTH+9CKLMfWCa1HuX0L1rxxaAG57Qd1vI1aHwlj8IEe1R4E/9fFhzaxcIrNF9ryRJ+vSxczZS1Uf9ewb8vnx6Bf+cWgP4ZwDNWO7tT3fECCS6y4NPgH9DCdaUIt6BKxlEn4ATBMBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBZqkff7p1AMBgJpcaGm1WpgCDhtVluqsBh3TT8ZchlQCapQfvunsdWykYyRd2/VdyINw==]
+infra::profile::mysql_server::databases:
+  lapp:
+    user: lapp
+    password: ENC[PKCS7,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]
+
+infra::profile::apache::htdigest:
+  server:
+    www: ENC[PKCS7,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]
+
+infra::profile::apache::pp_vhosts:
+  lapp-shop:
+    docroot: /var/www/lapp-shop
+    servername: dev02-www-lapp-de.pixelpark.net
+    cert_servername: 'wildcard.pixelpark.net'
+    cert_customer: 'pixelpark'
+    ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+    ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem'
+    ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem'
+
+#   Damit es ohne gültiges Backend Certificate funktioniert
+    custom_fragment: |
+      SSLProxyVerify none
+        SSLProxyCheckPeerCN off
+        SSLProxyCheckPeerName off
+#   SSLProxyEngine On
+    ssl_proxyengine: true
+#   ProxyPreserveHost On
+    proxy_preserve_host: true
+#   ProxyPass Settings (geht auch in Locations)
+    proxy_pass:
+      - { path: /assets, url: '!' }
+      - { path: /, url: 'https://localhost:9002/' }
+    setenvif:
+      - 'HTTPS on HTTPS=on'
+    setenvifnocase:
+      - 'Request_URI \.(?:gif|jpe?g|png)$ no-gzip'
+      - 'Request_URI \.(?:gif|jpe?g|png)$ dont-vary'
+    headers:
+#      - always append X-Frame-Options SAMEORIGIN
+      - append Vary User-Agent env=!dont-vary
+    docroot_owner: apache
+    docroot_group: apache
+    docroot_mode: '2775'
+    directories:
+      - provider: directory
+        path: '/var/www/lapp-shop'
+        options:
+          - FollowSymLinks
+          - MultiViews
+        allow_override:
+          - All
+      - provider: directory
+        path: '/var/www/cgi-bin'
+        ssl_options:
+          - '+StdEnvVars'
+
+      - provider: location
+        path: '/'
+        auth_type: Digest
+        auth_name: server
+        auth_digest_provider: file
+        auth_digest_algorithm: MD5
+        auth_user_file: '/etc/httpd/htdigest'
+        auth_require: 'valid-user'
+
+      - provider: location
+        path: '/admin'
+        sethandler: "admin"
+
+      - provider: location
+        path: '/hmc'
+        sethandler: "hmc"
+
+      - provider: location
+        path: '/cmscockpit'
+        sethandler: "cmscockpit"
+        proxy_pass:
+          - { path: /, url: 'https://localhost:9002/cmscockpit' }
+
+      - provider: location
+        path: '/medias'
+        sethandler: "medias"
+        proxy_pass:
+          - { path: /, url: 'http://localhost:9001/media' }
+
+#      - provider: location
+#        path: '/solr'
+#        sethandler: "solr"
+#        proxy_pass:
+#          - { path: /, url: 'http://localhost:8983/solr' }
+#        custom_fragment: |
+#          RequestHeader set Authorization "Basic c29scnNlcnZlcjpzZXJ2ZXIxMjM="
+
+      - provider: location
+        path: '/maintainance'
+        sethandler: "maintainance"
+        require:
+          - local
+
+      - provider: filesmatch
+        path: '\.(cgi|shtml|phtml|php)$'
+        ssl_options:
+          - '+StdEnvVars'
+
+    rewrites:
+      - comment: 'frontend root rewrite'
+        rewrite_cond:
+          - '%{literal("%")}{REQUEST_URI} ^(/?)$'
+        rewrite_rule:
+          - '(.*)$ /yb2bacceleratorstorefront/ [R=301]'
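Review bot: The commented-out `/solr` location near the end of this hunk still carries a literal `RequestHeader set Authorization "Basic …"` value. Base64 is an encoding, not encryption, so that Solr credential is readable by anyone with access to this repository and its history, unlike the `ENC[PKCS7,…]` values used for the MySQL and htdigest secrets. Replace the value in the comment with a placeholder, e.g. `#          RequestHeader set Authorization "Basic <from eyaml-encrypted key>"`, rotate the credential, and supply it through an eyaml-encrypted key if the location is ever re-enabled. Separately, the vhost-level `custom_fragment` sets `SSLProxyVerify none` and turns both `SSLProxyCheckPeer*` checks off for every proxied HTTPS backend. That is tolerable only while the sole TLS backend is `localhost:9002`, so add a comment such as `# dev only: backend cert is not verified; do not reuse with remote backends`.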