From: Andreas Gerstenberg Date: Tue, 16 Aug 2016 08:02:45 +0000 (+0200) Subject: bmw initial aem author and publish X-Git-Tag: v0.1.0~4288 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=8acc21fb2842cc801d5dd75cf86b547ff53a296b;p=pixelpark%2Fhiera.git bmw initial aem author and publish --- diff --git a/customer/bmw/common.yaml b/customer/bmw/common.yaml new file mode 100644 index 00000000..9d603ebb --- /dev/null +++ b/customer/bmw/common.yaml @@ -0,0 +1,101 @@ +--- +site::role: base_for_old_systems +site::additional_classes: + - java + - accounts + - site::profile::cron + +java::package: java-1.8.0-oraclejdk +puppetconf::server: puppetmaster01.pixelpark.com + +ntp::servers: + - '0.centos.pool.ntp.org' + - '1.centos.pool.ntp.org' + - '2.centos.pool.ntp.org' + +apache::mpm_module: worker +apache::mod::mime::mime_types_additional: + 'AddHandler': + 'type-map': 'var' + 'AddType': + 'text/html': '.shtml' + 'AddOutputFilter': + 'INCLUDES': '.shtml' + 'AddEncoding': + 'gzip': '.svgz' + +accounts::users: + sirona: + apply: false + +aem::maven::mirrors: + - {id: pixelpark-nexus, url: 'https://nexus.pixelpark.com/content/groups/public/', mirrorof: '*'} + +sudo::configs: + aem: + priority: "05" + content: | + Cmnd_Alias START_PUBLISH = /usr/bin/systemctl start publish + Cmnd_Alias START_AUTHOR = /usr/bin/systemctl start author + Cmnd_Alias START_PUPPET = /usr/bin/systemctl start puppet + Cmnd_Alias STOP_PUBLISH = /usr/bin/systemctl stop publish + Cmnd_Alias STOP_AUTHOR = /usr/bin/systemctl stop author + Cmnd_Alias STOP_PUPPET = /usr/bin/systemctl stop puppet + Cmnd_Alias BACKUP = /usr/local/sbin/zfs_rotation.sh* + aem ALL=(ALL) NOPASSWD:START_PUBLISH, START_AUTHOR, START_PUPPET, STOP_PUBLISH, STOP_AUTHOR, STOP_PUPPET, BACKUP + +# +# Author +# +site::profile::aem::author::license_download_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAHiAyTkjYu7u4DveVGZYC9TKUmFWwAVcll4SFMZ604E38Xm+5rNa8TVAcW9lnnA3qqtbEn6+zwdm/aaSZqq9f/jdtbEcHH2syGq7WcdWtmR7bKVsOWz2J0JiGWyKlCKkAHP4kSWYJ2dQUMaah9rF/4qMaND36Z5fiBoTu/+hfNW0or+eqTHB25E0apIfir1x4MyKwlrdryvYqVlAVczAha1HxIbfNAEhPu4ij0dS3Y7aULAlXyULSBsSM8RmfXrGzrkphAH1lgt6ubk2B7rPchu5CKDl63YVYjz6u7nd2wNcj8a31Gwc8r3bsLbOHVaPKsgeQ8/SiA6kNHZu3oFQ9YzBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBt6tSmxQnKOlaK+zrP3CKcgDAiKA5trIvwC+HOEXL5LN6XpIFTNN4TLWccnKJoHneUCJzdw3vK19RN23XEwlb+aCk=] +site::profile::aem::author::license_product_version: '6.1.0.20150507' +site::profile::aem::author::license_customer_name: 'Day Training' +site::profile::aem::author::license_product_name: 'Adobe Experience Manager' + +site::profile::aem::author::jvm_opts: '-d64 -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false' + +#aem::author::install_packages: +site::profile::aem::author::instance_name: author +site::profile::aem::author::install_mode: 'quickstart' +site::profile::aem::author::install_options: + download_type: maven + download_uri: com.adobe.aem:aem-quickstart:6.1:jar + +# Compaction & Backup for Author +site::profile::aem::author::oak_version: '1.2.7' +site::profile::aem::author::backup_command: '/usr/bin/sudo -n /usr/local/sbin/zfs_rotation.sh datapool 2592000' +site::profile::aem::author::compaction_timeout: 21600 # 6h Timeout +site::profile::aem::author::mail_to: + - gerstenberg@pixelpark.com + +# +# Publisher +# +site::profile::aem::publish::license_download_id: ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAYdR+YqNXHmBT02M0v6XzyqGqI6C1tSrttKzOhka9kVde3KpVTIFCZjP7qg7SEvSPYesgcTAEPNJBGfFOAwZ3OsMLO/ikdGbZ2+nTIyB+CV8mGb98djBCkKjp69Qf6Vc6hl25djj7oj5sgoV7TqHMovrxxzkiqcleUCsz66h+uOP7WLBNnevRez7kqbfanwmeNoV2n/g1ZEX/oVxfthBMruE2cwLs45tSBeNx7244MYOv2tUyjMgm4odjwFH8ADWMvS//cGrWlblTQrFaG5c/6WCsBqj/mB9LmP3s6oykQd/At4Rxn04/9HjYjHLeymBkoEDs6Pe0Cmtpze3WdXdQWjBcBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBocffLcP/NHPsJFRPpyIttgDCTdpMMU3E+vHV0mgruxSOC8j/oSk0cMtfDeDhL1v1kmTy6+RhxKGkoshUCJ5Ymq9o=] +site::profile::aem::publish::license_product_version: '6.1.0.20150507' +site::profile::aem::publish::license_customer_name: 'Day Training' +site::profile::aem::publish::license_product_name: 'Adobe Experience Manager' + +site::profile::aem::publish::jvm_opts: '-d64 -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9010 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false' + +site::profile::aem::publish::install_mode: 'quickstart' +site::profile::aem::publish::instance_name: publish +site::profile::aem::publish::install_options: + download_type: maven + download_uri: com.adobe.aem:aem-quickstart:6.1:jar + +# Compaction & Backup for Publisher +site::profile::aem::publish::oak_version: '1.2.7' +site::profile::aem::publish::backup_command: '/usr/bin/sudo -n /usr/local/sbin/zfs_rotation.sh datapool 2592000' +site::profile::aem::publish::compaction_timeout: 21600 # 6h Timeout +site::profile::aem::publish::mail_to: + - gerstenberg@pixelpark.com +# +# dispatcher +# +aem::dispatcher::download_type_options: + groupid: com.adobe.aem + artifactid: dispatcher-apache2.4 + version: 4.2.0 + packaging: so + repos: https://nexus.pixelpark.com/content/groups/public/ diff --git a/customer/bmw/prod.yaml b/customer/bmw/prod.yaml new file mode 100644 index 00000000..54eb1fb2 --- /dev/null +++ b/customer/bmw/prod.yaml @@ -0,0 +1,166 @@ +--- +# Für Livegang +# accounts::users: +# florian.schade: +# apply: true + +# admin:admin +site::profile::aem::author::admin_pass: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhLotW9eI7KayDl6fnd3Y+izen08BFIaZ+kLjVPUQX9gPg3lKbO0uacisAIFa/eaClmvIdRXe2TYOnb0zE1WM0s9AZj32U9vcEozn9QxCxerOEulPpqKX8zXWh6QoBSGBCO8fGPVR68YMZ3eZvOs2usOX8Fkw3K2agZhhC/+xciu/m9PjE9J06UmGhkIQMI13R0vWTTcNe9PYfKMCVB+z8zkguKazGeLwlsbCsAI437c1nf6No1oxz5capZwpVqSUWh3S+3GLn9XVPF6VmcdnD1Z+kJlcAPKsiAtcnKAsmesNvcfvN1a0nAFgqT2oiPW3CLf0b9hh1Jw6sgLaEnvR9jA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCJ/ObPWEXizDMYs7f9Wwf5gBAKMfZr21dNIIILlxmAIlUg] +site::profile::aem::publish::admin_pass: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEANqQw0Jgj0dg7+OcMz6kFFFfzfoDtLE3RCvEO3T5tJ6tGgmcjWGjyO7v0ukrrwLoBCPly4g00GUc6GyLnhbS5An5elXUckm7blBt1r5QqZDaJG6Dc2OQCcqyUntZM0vfgtygWkBDrn8PWkkBv2lifnQcwHD8q+UjmuU/tr7wEAxKW53LpVP7wnKE4co/HFD2LvQMzxsWCx+oo+Up3DtnRxj0peSX+T/e/NG8b0DyJx9CLwyfb6CMCEl2m9JcjPaesdS0VkCgVoxe9waqgYiLxmq0s766xTg9XMFJuvEuUtYhLs3ywwtAVxo4V/jt9t+/AOU3fHR17M/oUM9/555KLHDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC12Pc8m6n48inuoUNLzhlogBBZmDF6cVzqgKAEfjeh0gG2] + +aem::packages: + service_pack_1: + groupid: 'com.adobe.aem' + artifactid: 'aem61-service-pack-1' + version: '1.0' + acs_aem_commons: + groupid: 'com.adobe.acs' + artifactid: 'acs-aem-commons-content' + version: '2.6.4' + cq-6.1.0-hotfix-9130: + groupid: 'com.adobe.aem' + artifactid: 'cq-6.1.0-hotfix-9130' + version: '1.0' + cq-6.1.0-hotfix-9381: + groupid: 'com.adobe.aem' + artifactid: 'cq-6.1.0-hotfix-9381' + version: '1.1' + +site::profile::aem::publish::jvm_heap_min: 4096M +site::profile::aem::publish::jvm_heap_max: 6144M + +site::profile::aem::author::jvm_heap_min: 6144M +site::profile::aem::author::jvm_heap_max: 8192M + +# www:yIRN57qmO28y +site::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAiBukxV7jmUZA/lYsE7pL0KpuGQ2ViHubHZehBUwtxa9zOgyrB/Tlr2Z79THHZsjSXGOzQSK1di57m8Hn15fUVXacrjvLeYsnA2bg+EgQb/ZzbdSQBTuWyKwDZ3bkXPnX6OwhRuSsYvN/pNjc/sgfNdT/j/staZEshMAQVCgJ/WekVAALaWK50yYWL5+JUNfYdRiluKOU39IkBGp5dPQhNWDFPezSiRbr7yDnSL6pAYxyj1pqTXmlGnzzqvA3tk83q6nVgM7nEsNzaHcrlRBVPTezfwyjpPahCTnAYGquMyMQ2wWmqxYapKPDrpyPdN/u+VzaO0wv/oocRwXBAUAGcTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDY01oPkVnWlNvTokIhrHaigBC3RE6PdNfrlMoAnEA5Kk4F] + +# Apache Publisher +site::profile::aem::publish::pp_vhosts: + bmw: + serveraliases: + - www-bmwi-de.pixelpark.net + docroot: '/var/www/html/cache' + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + docroot_owner: apache + directories: + - docroot: + provider: directory + path: '/var/www/html/cache' + sethandler: dispatcher-handler + options: + - FollowSymLinks + - location1: + provider: location + path: '/' + auth_type: Digest + auth_name: brand + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + require: + - local + +# Apache Author +site::profile::aem::author::enable_apache: true +site::profile::aem::author::pp_vhosts: + bmw-author: + docroot: '/var/www' + servername: red-bmw-de.pixelpark.net + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + allow_encoded_slashes: 'on' + rewrites_non_ssl: + - https: + comment: 'all to https' + rewrite_rule: + - '^(.*)$ https://red-bmw-de.pixelpark.net$1 [L,R=302]' + proxy_preserve_host: true + proxy_pass: + - { path: /, url: 'http://localhost:4502/' } + request_headers_ssl: + - 'set X-Forwarded-Proto "https" env=HTTPS' + directories: + - docroot: + provider: directory + path: '/var/www/' + +aem::dispatcher::publish_farm: + website: + clientheaders: + - '*' + renders: + - { hostname: "127.0.0.1", port: '4503' } + filter: + - { type: 'deny', glob: '*' } + - { type: 'allow', url: '/' } + - { type: 'allow', url: '*.html' } + - { type: 'allow', url: '*.css' } # enable css + - { type: 'allow', url: '*.gif' } # enable gifs + - { type: 'allow', url: '*.ico' } # enable icos + - { type: 'allow', url: '*.js' } # enable javascript + - { type: 'allow', url: '*.png' } # enable png + - { type: 'allow', url: '*.swf' } # enable flash + - { type: 'allow', url: '*.jpg' } # enable jpg + - { type: 'allow', url: '*.jpeg' } # enable jpeg + - { type: 'allow', url: '*.svg' } # enable svg + - { type: 'allow', url: '*.ttf' } # enable ttf + - { type: 'allow', url: '*.woff' } # enable woff + - { type: 'allow', url: '*.woff2' } # enable woff2 + - { type: 'allow', url: '*.eot' } # enable eot + - { type: 'allow', url: '*.pdf' } # enable pdf + - { type: 'allow', url: '*.wmv' } # enable wmv + - { type: 'allow', url: '*.psd' } # enable psd (Adobe Photoshop Dokument) + - { type: 'allow', url: '*.tif' } # enable tif + - { type: 'allow', url: '*.indd' } # enable indd (Adobe Indesign Dokument) + # Enable features + - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization + - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API + # Security Rules + - { type: 'deny', url: '/etc/' } + - { type: 'deny', url: '/libs/' } + - { type: 'allow', url: '/etc/designs/*' } + - { type: 'allow', url: '/etc/clientlibs/*' } + - { type: 'allow', url: '/etc/segmentation.segment.js' } + - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json' } + - { type: 'allow', url: '/libs/wcm/stats/tracker.js' } + - { type: 'allow', url: '/libs/cq/personalization/*' } # (JS, CSS and JSON) + - { type: 'allow', url: '/libs/cq/security/userinfo.json' } # (CQ user information) + - { type: 'allow', url: '/libs/granite/security/currentuser.json' } # (data must not be cached) + - { type: 'allow', url: '/libs/cq/i18n/*' } # (Internalization) + # CSRF + - { type: 'allow', url: '/libs/granite/csrf/token.json' } + # Deny content grabbing + - { type: 'deny', url: '*.infinity.json' } + - { type: 'deny', url: '*.tidy.json' } + - { type: 'deny', url: '*.sysview.xml' } + - { type: 'deny', url: '*.docview.json' } + - { type: 'deny', url: '*.docview.xml' } + - { type: 'deny', url: '*.*[0-9].json' } + # Deny query + - { type: 'deny', url: '*.query.json' } + cache_docroot: '/var/www/html/cache' + cache_rules: + - { type: 'allow', glob: '*' } + cache_invalidate: + - { type: 'deny', glob: '*' } + - { type: 'allow', glob: '*.html' } + - { type: 'allow', glob: '/etc/segmentation.segment.js' } + - { type: 'allow', glob: '*/analytics.sitecatalyst.js' } + cache_allowedClients: + - { type: 'deny', glob: '*' } + - { type: 'allow', glob: '127.0.0.1' } + cache_headers: + - 'X-Content-Type-Options' + - 'X-Frame-Options' + - 'X-XSS-Protection' + - 'Last-Modified' + - 'Expires' + - 'Content-Type' + - 'Access-Control-Allow-Origin' diff --git a/customer/bmw/red-bmw-de.pixelpark.net.yaml b/customer/bmw/red-bmw-de.pixelpark.net.yaml index 31dd860d..4bffb396 100644 --- a/customer/bmw/red-bmw-de.pixelpark.net.yaml +++ b/customer/bmw/red-bmw-de.pixelpark.net.yaml @@ -1,2 +1,13 @@ --- -site::role: base \ No newline at end of file +site::role: base +site::additional_classes: + - repo::redhat::zfs + - site::profile::aem::author + +site::profile::cron::cronjobs: + zfs_rotation: + user: root + command: '/usr/local/sbin/zfs_rotation.sh datapool 2592000' # 30 days + minute: 0 + hour: 2 + description: ZFS Snapshot \ No newline at end of file diff --git a/customer/bmw/www-bmw-de.pixelpark.net.yaml b/customer/bmw/www-bmw-de.pixelpark.net.yaml index 31dd860d..20b593fb 100644 --- a/customer/bmw/www-bmw-de.pixelpark.net.yaml +++ b/customer/bmw/www-bmw-de.pixelpark.net.yaml @@ -1,2 +1,13 @@ --- -site::role: base \ No newline at end of file +site::additional_classes: + - site::profile::aem::publish + +# Cron for Compaction +site::profile::cron::cronjobs: + compaction: + user: aem + command: 'sudo -n /bin/systemctl stop puppet ; /opt/adobe/publish/crx-quickstart/bin/oak_compactor.py ; sudo -n /bin/systemctl start puppet' + minute: 0 + hour: 3 + weekday: 0 + description: AEM Tar Compaction