From: sascha.strassheim Date: Tue, 22 May 2018 09:20:03 +0000 (+0200) Subject: FBBPSCDM-62 X-Git-Tag: v0.1.0~969 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=912dd8891482a7ff1a64b80e6cb781cfdc1279c6;p=pixelpark%2Fhiera.git FBBPSCDM-62 --- diff --git a/customer/fbb-passngr/dev-poi-fbb.pixelpark.net b/customer/fbb-passngr/dev-poi-fbb.pixelpark.net deleted file mode 100644 index aed48854..00000000 --- a/customer/fbb-passngr/dev-poi-fbb.pixelpark.net +++ /dev/null @@ -1,45 +0,0 @@ ---- -infra::profile::apache::htdigest: - server: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAehSprUuT2bcqDE4AjYNKPjBXDyca2jgpQfl2q/RXHus2TMdQ6kl38qF+Z5ePFxJhMSI6VENX9SDAoRSBcpPgI8nXiXgf/AeLOJ5r2SrMFlETYgN5nYkYsEy5AOiopOpfiLYakSKJC6Vj1M+8Yz+ySdVooI03NtgAa/1jAuzvF3Ehn/D4hVOc3H56OVFJ6p/WAIGQkpPT42KrQUU1HGWLEMXgvYN1mKkbiZLDkzPvRGWkp1pBqcgfNS0d22FX6RbT2E1vm/1nFzouIerm+9XEyWCYTsOW9AVjVC73cXtI32fm/ufAdnCChQ2f941dZoA5uUwPPUQs3VDiIg2BVgi/sjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB9zJuMd8mHOR5dh8nWE7AQgBARcJQpnWD35UGtus+SMaP0] - -infra::profile::apache::pp_vhosts: - dev-poi: - docroot: /var/www/poi - servername: dev-poi-fbb.pixelpark.net - cert_servername: 'wildcard.pixelpark.net' - cert_customer: 'pixelpark' - ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' - docroot_owner: apache - docroot_group: apache - docroot_mode: '2775' - directories: - - directory_root: - provider: directory - path: '/var/www/poi' - addhandlers: - - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' } - options: - - FollowSymLinks - - MultiViews - allow_override: - - All - directoryindex: index.php index.html - - location1: - provider: location - path: '/' - auth_type: Digest - auth_name: server - auth_digest_provider: file - auth_digest_algorithm: MD5 - auth_user_file: '/etc/httpd/htdigest' - auth_require: 'valid-user' - rewrites: - - alias: - comment: 'Alles auf https umleiten' - rewrite_cond: - - '%%{ich-trickse}{HTTPS} !=on' - rewrite_rule: - - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]' diff --git a/customer/fbb-passngr/prd-poi01-fbb.pixelpark.net b/customer/fbb-passngr/prd-poi01-fbb.pixelpark.net deleted file mode 100644 index 4e00439d..00000000 --- a/customer/fbb-passngr/prd-poi01-fbb.pixelpark.net +++ /dev/null @@ -1,45 +0,0 @@ ---- -infra::profile::apache::htdigest: - server: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAXL0k7gr7yk4dgaFwNwVD9LQrHNymnFUKknqgXUgiTvWdNTPgPtQA953Alsy8Gw5px3BiLq5TwJn/+qX9bgnX9Jbgy+z1xsYHWb6mY6pUff/eCU+S1uTay4GAq6q+68qCHsD2jZ30JQuU8h+8tnj79NWxm/yBu3Q8hfLJ7eHIDGfBoJ87smSEoVyizQPmTyxDQZ3hyncdUjZUTngNlZsRQpWWsHZODNZlmgmtg0Q9oF+1wXU5RB2AUNuPupYra6zuZQU6srRlw5DWO3faWZcnhdTZ333lMBNHJvduVnRAbbZ0+hP/wauO6a3d5oZU6mb9g/ToSW68hPph6uvqms4DTjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAANhTAIZvqPaMvap11hFgNgBAbCp1PuN2uwCZIP3D5ZRLo] - -infra::profile::apache::pp_vhosts: - prd-poi: - docroot: /var/www/poi - servername: prd-poi01-fbb.pixelpark.net - cert_servername: 'wildcard.pixelpark.net' - cert_customer: 'pixelpark' - ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' - docroot_owner: apache - docroot_group: apache - docroot_mode: '2775' - directories: - - directory_root: - provider: directory - path: '/var/www/poi' - addhandlers: - - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' } - options: - - FollowSymLinks - - MultiViews - allow_override: - - All - directoryindex: index.php index.html - - location1: - provider: location - path: '/' - auth_type: Digest - auth_name: server - auth_digest_provider: file - auth_digest_algorithm: MD5 - auth_user_file: '/etc/httpd/htdigest' - auth_require: 'valid-user' - rewrites: - - alias: - comment: 'Alles auf https umleiten' - rewrite_cond: - - '%%{ich-trickse}{HTTPS} !=on' - rewrite_rule: - - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]' diff --git a/customer/fbb-passngr/tst-poi01-fbb.pixelpark.net b/customer/fbb-passngr/tst-poi01-fbb.pixelpark.net deleted file mode 100644 index f6ef8bba..00000000 --- a/customer/fbb-passngr/tst-poi01-fbb.pixelpark.net +++ /dev/null @@ -1,45 +0,0 @@ ---- -infra::profile::apache::htdigest: - server: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEASk8/3kNoClMHZHyGqyEMn4iOhPPrpEPGoR7Wdp4J7kcTB5meRWI12d/mkX5TVFP1LmqgAWEaC1anYMYALcQTSAdJNKLmRdQZiVM+nzMk6nMib4EmLUes63BKPYQH+n18l+q+CFS3E56Rj5oMw9Tg3EF3/JVr7R40LXB9EudTLJUvcFgf0ZYm+e+uODB5YuGlAg9F5hsTpUMr1H5/SftMUNGJeONKxbxVj0cxPYz+RLTGEcxZoomjDiaNjkqiiUPXjuuZ+OZtE2yPPsQll7ys6YIe+wLWuPh/YrAlLlE678GXswFLMj1jb1gZxS0aJbuvJBY9th+UCqCCgrgfOGZUNjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCqRSDJf4E7Y7ljab/MgdyigBAMce/wX9yR6dQLVjN2Y9ue] - -infra::profile::apache::pp_vhosts: - tst-poi: - docroot: /var/www/poi - servername: tst-poi01-fbb.pixelpark.net - cert_servername: 'wildcard.pixelpark.net' - cert_customer: 'pixelpark' - ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' - docroot_owner: apache - docroot_group: apache - docroot_mode: '2775' - directories: - - directory_root: - provider: directory - path: '/var/www/poi' - addhandlers: - - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' } - options: - - FollowSymLinks - - MultiViews - allow_override: - - All - directoryindex: index.php index.html - - location1: - provider: location - path: '/' - auth_type: Digest - auth_name: server - auth_digest_provider: file - auth_digest_algorithm: MD5 - auth_user_file: '/etc/httpd/htdigest' - auth_require: 'valid-user' - rewrites: - - alias: - comment: 'Alles auf https umleiten' - rewrite_cond: - - '%%{ich-trickse}{HTTPS} !=on' - rewrite_rule: - - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]' diff --git a/customer/fbb-poi/common.yaml b/customer/fbb-poi/common.yaml new file mode 100644 index 00000000..4118325e --- /dev/null +++ b/customer/fbb-poi/common.yaml @@ -0,0 +1,13 @@ +--- +infra::role: base +infra::additional_classes: + - infra::profile::postfix + - infra::profile::cron + +postfix::myorigin: "pixelpark.net" +infra::profile::postfix::virtual_aliases_source: 'maps/virtual-nullclient-webmaster' +infra::profile::postfix::cert_servername: 'wildcard.pixelpark.net' + +logstash::install_plugins: false + + diff --git a/customer/fbb-poi/dev-poi-fbb.pixelpark.net b/customer/fbb-poi/dev-poi-fbb.pixelpark.net new file mode 100644 index 00000000..aed48854 --- /dev/null +++ b/customer/fbb-poi/dev-poi-fbb.pixelpark.net @@ -0,0 +1,45 @@ +--- +infra::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAehSprUuT2bcqDE4AjYNKPjBXDyca2jgpQfl2q/RXHus2TMdQ6kl38qF+Z5ePFxJhMSI6VENX9SDAoRSBcpPgI8nXiXgf/AeLOJ5r2SrMFlETYgN5nYkYsEy5AOiopOpfiLYakSKJC6Vj1M+8Yz+ySdVooI03NtgAa/1jAuzvF3Ehn/D4hVOc3H56OVFJ6p/WAIGQkpPT42KrQUU1HGWLEMXgvYN1mKkbiZLDkzPvRGWkp1pBqcgfNS0d22FX6RbT2E1vm/1nFzouIerm+9XEyWCYTsOW9AVjVC73cXtI32fm/ufAdnCChQ2f941dZoA5uUwPPUQs3VDiIg2BVgi/sjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBB9zJuMd8mHOR5dh8nWE7AQgBARcJQpnWD35UGtus+SMaP0] + +infra::profile::apache::pp_vhosts: + dev-poi: + docroot: /var/www/poi + servername: dev-poi-fbb.pixelpark.net + cert_servername: 'wildcard.pixelpark.net' + cert_customer: 'pixelpark' + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + docroot_owner: apache + docroot_group: apache + docroot_mode: '2775' + directories: + - directory_root: + provider: directory + path: '/var/www/poi' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + - MultiViews + allow_override: + - All + directoryindex: index.php index.html + - location1: + provider: location + path: '/' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + rewrites: + - alias: + comment: 'Alles auf https umleiten' + rewrite_cond: + - '%%{ich-trickse}{HTTPS} !=on' + rewrite_rule: + - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]' diff --git a/customer/fbb-poi/development.yaml b/customer/fbb-poi/development.yaml new file mode 100644 index 00000000..377524e1 --- /dev/null +++ b/customer/fbb-poi/development.yaml @@ -0,0 +1,70 @@ +--- +accounts::users: + markus.baumann: + apply: true + sudo: true + thomas.bussmeyer: + apply: true + sudo: true + harry.teuber: + apply: true + sudo: true + christian.schoenherr: + apply: true + sudo: true + santiago.nuneznegrillo: + apply: true + sudo: true + jenkins: + apply: true + sudo: false + +sudo::configs: + jenkins_rights: + priority: "06" + content: | + jenkins ALL=(apache) NOPASSWD: ALL + +infra::additional_classes: + - infra::profile::apache_php + - redis + +repo::remi_php72: true + +php::extensions: + gd: {} + opcache: {} + soap: {} + mbstring: {} + zip: {} + xml: {} + json: {} + pdo: {} + redis: {} + mysql: {} + +php::settings: + PHP/memory_limit: 320M + PHP/post_max_size: 20M + PHP/register_globals: 'Off' + PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web' + PHP/max_execution_time: 30 + PHP/max_input_time: 60 + PHP/output_buffering: 65536 + PHP/upload_max_filesize: 4M + PHP/max_file_uploads: 50 + PHP/short_open_tag: 'On' + PHP/expose_php: 'Off' + +infra::profile::apache_php::fpm_pool: + api: + listen_owner: apache + listen_group: apache + pm_max_children: 20 + +redis::bind: 0.0.0.0 +redis::manage_repo: true +redis::timeout: 30 +redis::maxmemory: 1gb + +apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH' diff --git a/customer/fbb-poi/prd-poi01-fbb.pixelpark.net b/customer/fbb-poi/prd-poi01-fbb.pixelpark.net new file mode 100644 index 00000000..4e00439d --- /dev/null +++ b/customer/fbb-poi/prd-poi01-fbb.pixelpark.net @@ -0,0 +1,45 @@ +--- +infra::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAXL0k7gr7yk4dgaFwNwVD9LQrHNymnFUKknqgXUgiTvWdNTPgPtQA953Alsy8Gw5px3BiLq5TwJn/+qX9bgnX9Jbgy+z1xsYHWb6mY6pUff/eCU+S1uTay4GAq6q+68qCHsD2jZ30JQuU8h+8tnj79NWxm/yBu3Q8hfLJ7eHIDGfBoJ87smSEoVyizQPmTyxDQZ3hyncdUjZUTngNlZsRQpWWsHZODNZlmgmtg0Q9oF+1wXU5RB2AUNuPupYra6zuZQU6srRlw5DWO3faWZcnhdTZ333lMBNHJvduVnRAbbZ0+hP/wauO6a3d5oZU6mb9g/ToSW68hPph6uvqms4DTjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBAANhTAIZvqPaMvap11hFgNgBAbCp1PuN2uwCZIP3D5ZRLo] + +infra::profile::apache::pp_vhosts: + prd-poi: + docroot: /var/www/poi + servername: prd-poi01-fbb.pixelpark.net + cert_servername: 'wildcard.pixelpark.net' + cert_customer: 'pixelpark' + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + docroot_owner: apache + docroot_group: apache + docroot_mode: '2775' + directories: + - directory_root: + provider: directory + path: '/var/www/poi' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + - MultiViews + allow_override: + - All + directoryindex: index.php index.html + - location1: + provider: location + path: '/' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + rewrites: + - alias: + comment: 'Alles auf https umleiten' + rewrite_cond: + - '%%{ich-trickse}{HTTPS} !=on' + rewrite_rule: + - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]' diff --git a/customer/fbb-poi/test.yaml b/customer/fbb-poi/test.yaml new file mode 100644 index 00000000..9690c373 --- /dev/null +++ b/customer/fbb-poi/test.yaml @@ -0,0 +1,69 @@ +accounts::users: + markus.baumann: + apply: true + sudo: true + thomas.bussmeyer: + apply: true + sudo: true + harry.teuber: + apply: true + sudo: true + christian.schoenherr: + apply: true + sudo: true + santiago.nuneznegrillo: + apply: true + sudo: true + jenkins: + apply: true + sudo: false + +sudo::configs: + jenkins_rights: + priority: "06" + content: | + jenkins ALL=(apache) NOPASSWD: ALL + +infra::additional_classes: + - infra::profile::apache_php + - redis + +repo::remi_php72: true + +php::extensions: + gd: {} + opcache: {} + soap: {} + mbstring: {} + zip: {} + xml: {} + json: {} + pdo: {} + redis: {} + mysql: {} + +php::settings: + PHP/memory_limit: 320M + PHP/post_max_size: 20M + PHP/register_globals: 'Off' + PHP/include_path: '.:/opt/app/ZendFramework/library:/opt/app/web' + PHP/max_execution_time: 30 + PHP/max_input_time: 60 + PHP/output_buffering: 65536 + PHP/upload_max_filesize: 4M + PHP/max_file_uploads: 50 + PHP/short_open_tag: 'On' + PHP/expose_php: 'Off' + +infra::profile::apache_php::fpm_pool: + api: + listen_owner: apache + listen_group: apache + pm_max_children: 20 + +redis::bind: 0.0.0.0 +redis::manage_repo: true +redis::timeout: 30 +redis::maxmemory: 1gb + +apache::mod::ssl::ssl_cipher: 'EECDH+AES:EDH+AES:!SHA1:!aNULL@STRENGTH' diff --git a/customer/fbb-poi/tst-poi01-fbb.pixelpark.net b/customer/fbb-poi/tst-poi01-fbb.pixelpark.net new file mode 100644 index 00000000..f6ef8bba --- /dev/null +++ b/customer/fbb-poi/tst-poi01-fbb.pixelpark.net @@ -0,0 +1,45 @@ +--- +infra::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEASk8/3kNoClMHZHyGqyEMn4iOhPPrpEPGoR7Wdp4J7kcTB5meRWI12d/mkX5TVFP1LmqgAWEaC1anYMYALcQTSAdJNKLmRdQZiVM+nzMk6nMib4EmLUes63BKPYQH+n18l+q+CFS3E56Rj5oMw9Tg3EF3/JVr7R40LXB9EudTLJUvcFgf0ZYm+e+uODB5YuGlAg9F5hsTpUMr1H5/SftMUNGJeONKxbxVj0cxPYz+RLTGEcxZoomjDiaNjkqiiUPXjuuZ+OZtE2yPPsQll7ys6YIe+wLWuPh/YrAlLlE678GXswFLMj1jb1gZxS0aJbuvJBY9th+UCqCCgrgfOGZUNjA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCqRSDJf4E7Y7ljab/MgdyigBAMce/wX9yR6dQLVjN2Y9ue] + +infra::profile::apache::pp_vhosts: + tst-poi: + docroot: /var/www/poi + servername: tst-poi01-fbb.pixelpark.net + cert_servername: 'wildcard.pixelpark.net' + cert_customer: 'pixelpark' + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + docroot_owner: apache + docroot_group: apache + docroot_mode: '2775' + directories: + - directory_root: + provider: directory + path: '/var/www/poi' + addhandlers: + - { handler: "proxy:unix:/var/run/php5-fpm-api.sock|fcgi://./" , extensions: '.php' } + options: + - FollowSymLinks + - MultiViews + allow_override: + - All + directoryindex: index.php index.html + - location1: + provider: location + path: '/' + auth_type: Digest + auth_name: server + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + rewrites: + - alias: + comment: 'Alles auf https umleiten' + rewrite_cond: + - '%%{ich-trickse}{HTTPS} !=on' + rewrite_rule: + - '(.*) https://%%{ich-trickse}{HTTP_HOST}%%{ich-trickse}{REQUEST_URI} [R=301,L]'