From: Philipp Dallig Date: Tue, 16 Aug 2016 08:36:55 +0000 (+0200) Subject: bmw - changes mit andy X-Git-Tag: v0.1.0~4284 X-Git-Url: https://git.uhu-banane.de/?a=commitdiff_plain;h=fb3754963223906b84f45cb5f651e260efc930fd;p=pixelpark%2Fhiera.git bmw - changes mit andy --- diff --git a/customer/bmw/common.yaml b/customer/bmw/common.yaml index 9d603ebb..04276944 100644 --- a/customer/bmw/common.yaml +++ b/customer/bmw/common.yaml @@ -8,11 +8,6 @@ site::additional_classes: java::package: java-1.8.0-oraclejdk puppetconf::server: puppetmaster01.pixelpark.com -ntp::servers: - - '0.centos.pool.ntp.org' - - '1.centos.pool.ntp.org' - - '2.centos.pool.ntp.org' - apache::mpm_module: worker apache::mod::mime::mime_types_additional: 'AddHandler': diff --git a/customer/bmw/prod.yaml b/customer/bmw/prod.yaml deleted file mode 100644 index 54eb1fb2..00000000 --- a/customer/bmw/prod.yaml +++ /dev/null @@ -1,166 +0,0 @@ ---- -# Für Livegang -# accounts::users: -# florian.schade: -# apply: true - -# admin:admin -site::profile::aem::author::admin_pass: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhLotW9eI7KayDl6fnd3Y+izen08BFIaZ+kLjVPUQX9gPg3lKbO0uacisAIFa/eaClmvIdRXe2TYOnb0zE1WM0s9AZj32U9vcEozn9QxCxerOEulPpqKX8zXWh6QoBSGBCO8fGPVR68YMZ3eZvOs2usOX8Fkw3K2agZhhC/+xciu/m9PjE9J06UmGhkIQMI13R0vWTTcNe9PYfKMCVB+z8zkguKazGeLwlsbCsAI437c1nf6No1oxz5capZwpVqSUWh3S+3GLn9XVPF6VmcdnD1Z+kJlcAPKsiAtcnKAsmesNvcfvN1a0nAFgqT2oiPW3CLf0b9hh1Jw6sgLaEnvR9jA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCJ/ObPWEXizDMYs7f9Wwf5gBAKMfZr21dNIIILlxmAIlUg] -site::profile::aem::publish::admin_pass: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEANqQw0Jgj0dg7+OcMz6kFFFfzfoDtLE3RCvEO3T5tJ6tGgmcjWGjyO7v0ukrrwLoBCPly4g00GUc6GyLnhbS5An5elXUckm7blBt1r5QqZDaJG6Dc2OQCcqyUntZM0vfgtygWkBDrn8PWkkBv2lifnQcwHD8q+UjmuU/tr7wEAxKW53LpVP7wnKE4co/HFD2LvQMzxsWCx+oo+Up3DtnRxj0peSX+T/e/NG8b0DyJx9CLwyfb6CMCEl2m9JcjPaesdS0VkCgVoxe9waqgYiLxmq0s766xTg9XMFJuvEuUtYhLs3ywwtAVxo4V/jt9t+/AOU3fHR17M/oUM9/555KLHDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC12Pc8m6n48inuoUNLzhlogBBZmDF6cVzqgKAEfjeh0gG2] - -aem::packages: - service_pack_1: - groupid: 'com.adobe.aem' - artifactid: 'aem61-service-pack-1' - version: '1.0' - acs_aem_commons: - groupid: 'com.adobe.acs' - artifactid: 'acs-aem-commons-content' - version: '2.6.4' - cq-6.1.0-hotfix-9130: - groupid: 'com.adobe.aem' - artifactid: 'cq-6.1.0-hotfix-9130' - version: '1.0' - cq-6.1.0-hotfix-9381: - groupid: 'com.adobe.aem' - artifactid: 'cq-6.1.0-hotfix-9381' - version: '1.1' - -site::profile::aem::publish::jvm_heap_min: 4096M -site::profile::aem::publish::jvm_heap_max: 6144M - -site::profile::aem::author::jvm_heap_min: 6144M -site::profile::aem::author::jvm_heap_max: 8192M - -# www:yIRN57qmO28y -site::profile::apache::htdigest: - server: - www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAiBukxV7jmUZA/lYsE7pL0KpuGQ2ViHubHZehBUwtxa9zOgyrB/Tlr2Z79THHZsjSXGOzQSK1di57m8Hn15fUVXacrjvLeYsnA2bg+EgQb/ZzbdSQBTuWyKwDZ3bkXPnX6OwhRuSsYvN/pNjc/sgfNdT/j/staZEshMAQVCgJ/WekVAALaWK50yYWL5+JUNfYdRiluKOU39IkBGp5dPQhNWDFPezSiRbr7yDnSL6pAYxyj1pqTXmlGnzzqvA3tk83q6nVgM7nEsNzaHcrlRBVPTezfwyjpPahCTnAYGquMyMQ2wWmqxYapKPDrpyPdN/u+VzaO0wv/oocRwXBAUAGcTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDY01oPkVnWlNvTokIhrHaigBC3RE6PdNfrlMoAnEA5Kk4F] - -# Apache Publisher -site::profile::aem::publish::pp_vhosts: - bmw: - serveraliases: - - www-bmwi-de.pixelpark.net - docroot: '/var/www/html/cache' - ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' - ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - docroot_owner: apache - directories: - - docroot: - provider: directory - path: '/var/www/html/cache' - sethandler: dispatcher-handler - options: - - FollowSymLinks - - location1: - provider: location - path: '/' - auth_type: Digest - auth_name: brand - auth_digest_provider: file - auth_digest_algorithm: MD5 - auth_user_file: '/etc/httpd/htdigest' - auth_require: 'valid-user' - require: - - local - -# Apache Author -site::profile::aem::author::enable_apache: true -site::profile::aem::author::pp_vhosts: - bmw-author: - docroot: '/var/www' - servername: red-bmw-de.pixelpark.net - ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' - ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' - allow_encoded_slashes: 'on' - rewrites_non_ssl: - - https: - comment: 'all to https' - rewrite_rule: - - '^(.*)$ https://red-bmw-de.pixelpark.net$1 [L,R=302]' - proxy_preserve_host: true - proxy_pass: - - { path: /, url: 'http://localhost:4502/' } - request_headers_ssl: - - 'set X-Forwarded-Proto "https" env=HTTPS' - directories: - - docroot: - provider: directory - path: '/var/www/' - -aem::dispatcher::publish_farm: - website: - clientheaders: - - '*' - renders: - - { hostname: "127.0.0.1", port: '4503' } - filter: - - { type: 'deny', glob: '*' } - - { type: 'allow', url: '/' } - - { type: 'allow', url: '*.html' } - - { type: 'allow', url: '*.css' } # enable css - - { type: 'allow', url: '*.gif' } # enable gifs - - { type: 'allow', url: '*.ico' } # enable icos - - { type: 'allow', url: '*.js' } # enable javascript - - { type: 'allow', url: '*.png' } # enable png - - { type: 'allow', url: '*.swf' } # enable flash - - { type: 'allow', url: '*.jpg' } # enable jpg - - { type: 'allow', url: '*.jpeg' } # enable jpeg - - { type: 'allow', url: '*.svg' } # enable svg - - { type: 'allow', url: '*.ttf' } # enable ttf - - { type: 'allow', url: '*.woff' } # enable woff - - { type: 'allow', url: '*.woff2' } # enable woff2 - - { type: 'allow', url: '*.eot' } # enable eot - - { type: 'allow', url: '*.pdf' } # enable pdf - - { type: 'allow', url: '*.wmv' } # enable wmv - - { type: 'allow', url: '*.psd' } # enable psd (Adobe Photoshop Dokument) - - { type: 'allow', url: '*.tif' } # enable tif - - { type: 'allow', url: '*.indd' } # enable indd (Adobe Indesign Dokument) - # Enable features - - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization - - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API - # Security Rules - - { type: 'deny', url: '/etc/' } - - { type: 'deny', url: '/libs/' } - - { type: 'allow', url: '/etc/designs/*' } - - { type: 'allow', url: '/etc/clientlibs/*' } - - { type: 'allow', url: '/etc/segmentation.segment.js' } - - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json' } - - { type: 'allow', url: '/libs/wcm/stats/tracker.js' } - - { type: 'allow', url: '/libs/cq/personalization/*' } # (JS, CSS and JSON) - - { type: 'allow', url: '/libs/cq/security/userinfo.json' } # (CQ user information) - - { type: 'allow', url: '/libs/granite/security/currentuser.json' } # (data must not be cached) - - { type: 'allow', url: '/libs/cq/i18n/*' } # (Internalization) - # CSRF - - { type: 'allow', url: '/libs/granite/csrf/token.json' } - # Deny content grabbing - - { type: 'deny', url: '*.infinity.json' } - - { type: 'deny', url: '*.tidy.json' } - - { type: 'deny', url: '*.sysview.xml' } - - { type: 'deny', url: '*.docview.json' } - - { type: 'deny', url: '*.docview.xml' } - - { type: 'deny', url: '*.*[0-9].json' } - # Deny query - - { type: 'deny', url: '*.query.json' } - cache_docroot: '/var/www/html/cache' - cache_rules: - - { type: 'allow', glob: '*' } - cache_invalidate: - - { type: 'deny', glob: '*' } - - { type: 'allow', glob: '*.html' } - - { type: 'allow', glob: '/etc/segmentation.segment.js' } - - { type: 'allow', glob: '*/analytics.sitecatalyst.js' } - cache_allowedClients: - - { type: 'deny', glob: '*' } - - { type: 'allow', glob: '127.0.0.1' } - cache_headers: - - 'X-Content-Type-Options' - - 'X-Frame-Options' - - 'X-XSS-Protection' - - 'Last-Modified' - - 'Expires' - - 'Content-Type' - - 'Access-Control-Allow-Origin' diff --git a/customer/bmw/production.yaml b/customer/bmw/production.yaml new file mode 100644 index 00000000..54eb1fb2 --- /dev/null +++ b/customer/bmw/production.yaml @@ -0,0 +1,166 @@ +--- +# Für Livegang +# accounts::users: +# florian.schade: +# apply: true + +# admin:admin +site::profile::aem::author::admin_pass: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAhLotW9eI7KayDl6fnd3Y+izen08BFIaZ+kLjVPUQX9gPg3lKbO0uacisAIFa/eaClmvIdRXe2TYOnb0zE1WM0s9AZj32U9vcEozn9QxCxerOEulPpqKX8zXWh6QoBSGBCO8fGPVR68YMZ3eZvOs2usOX8Fkw3K2agZhhC/+xciu/m9PjE9J06UmGhkIQMI13R0vWTTcNe9PYfKMCVB+z8zkguKazGeLwlsbCsAI437c1nf6No1oxz5capZwpVqSUWh3S+3GLn9XVPF6VmcdnD1Z+kJlcAPKsiAtcnKAsmesNvcfvN1a0nAFgqT2oiPW3CLf0b9hh1Jw6sgLaEnvR9jA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBCJ/ObPWEXizDMYs7f9Wwf5gBAKMfZr21dNIIILlxmAIlUg] +site::profile::aem::publish::admin_pass: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEANqQw0Jgj0dg7+OcMz6kFFFfzfoDtLE3RCvEO3T5tJ6tGgmcjWGjyO7v0ukrrwLoBCPly4g00GUc6GyLnhbS5An5elXUckm7blBt1r5QqZDaJG6Dc2OQCcqyUntZM0vfgtygWkBDrn8PWkkBv2lifnQcwHD8q+UjmuU/tr7wEAxKW53LpVP7wnKE4co/HFD2LvQMzxsWCx+oo+Up3DtnRxj0peSX+T/e/NG8b0DyJx9CLwyfb6CMCEl2m9JcjPaesdS0VkCgVoxe9waqgYiLxmq0s766xTg9XMFJuvEuUtYhLs3ywwtAVxo4V/jt9t+/AOU3fHR17M/oUM9/555KLHDA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBC12Pc8m6n48inuoUNLzhlogBBZmDF6cVzqgKAEfjeh0gG2] + +aem::packages: + service_pack_1: + groupid: 'com.adobe.aem' + artifactid: 'aem61-service-pack-1' + version: '1.0' + acs_aem_commons: + groupid: 'com.adobe.acs' + artifactid: 'acs-aem-commons-content' + version: '2.6.4' + cq-6.1.0-hotfix-9130: + groupid: 'com.adobe.aem' + artifactid: 'cq-6.1.0-hotfix-9130' + version: '1.0' + cq-6.1.0-hotfix-9381: + groupid: 'com.adobe.aem' + artifactid: 'cq-6.1.0-hotfix-9381' + version: '1.1' + +site::profile::aem::publish::jvm_heap_min: 4096M +site::profile::aem::publish::jvm_heap_max: 6144M + +site::profile::aem::author::jvm_heap_min: 6144M +site::profile::aem::author::jvm_heap_max: 8192M + +# www:yIRN57qmO28y +site::profile::apache::htdigest: + server: + www: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAiBukxV7jmUZA/lYsE7pL0KpuGQ2ViHubHZehBUwtxa9zOgyrB/Tlr2Z79THHZsjSXGOzQSK1di57m8Hn15fUVXacrjvLeYsnA2bg+EgQb/ZzbdSQBTuWyKwDZ3bkXPnX6OwhRuSsYvN/pNjc/sgfNdT/j/staZEshMAQVCgJ/WekVAALaWK50yYWL5+JUNfYdRiluKOU39IkBGp5dPQhNWDFPezSiRbr7yDnSL6pAYxyj1pqTXmlGnzzqvA3tk83q6nVgM7nEsNzaHcrlRBVPTezfwyjpPahCTnAYGquMyMQ2wWmqxYapKPDrpyPdN/u+VzaO0wv/oocRwXBAUAGcTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBDY01oPkVnWlNvTokIhrHaigBC3RE6PdNfrlMoAnEA5Kk4F] + +# Apache Publisher +site::profile::aem::publish::pp_vhosts: + bmw: + serveraliases: + - www-bmwi-de.pixelpark.net + docroot: '/var/www/html/cache' + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + docroot_owner: apache + directories: + - docroot: + provider: directory + path: '/var/www/html/cache' + sethandler: dispatcher-handler + options: + - FollowSymLinks + - location1: + provider: location + path: '/' + auth_type: Digest + auth_name: brand + auth_digest_provider: file + auth_digest_algorithm: MD5 + auth_user_file: '/etc/httpd/htdigest' + auth_require: 'valid-user' + require: + - local + +# Apache Author +site::profile::aem::author::enable_apache: true +site::profile::aem::author::pp_vhosts: + bmw-author: + docroot: '/var/www' + servername: red-bmw-de.pixelpark.net + ssl_cert: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + ssl_key: '/etc/pki/tls/private/wildcard.pixelpark.net-key.pem' + ssl_chain: '/etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem' + allow_encoded_slashes: 'on' + rewrites_non_ssl: + - https: + comment: 'all to https' + rewrite_rule: + - '^(.*)$ https://red-bmw-de.pixelpark.net$1 [L,R=302]' + proxy_preserve_host: true + proxy_pass: + - { path: /, url: 'http://localhost:4502/' } + request_headers_ssl: + - 'set X-Forwarded-Proto "https" env=HTTPS' + directories: + - docroot: + provider: directory + path: '/var/www/' + +aem::dispatcher::publish_farm: + website: + clientheaders: + - '*' + renders: + - { hostname: "127.0.0.1", port: '4503' } + filter: + - { type: 'deny', glob: '*' } + - { type: 'allow', url: '/' } + - { type: 'allow', url: '*.html' } + - { type: 'allow', url: '*.css' } # enable css + - { type: 'allow', url: '*.gif' } # enable gifs + - { type: 'allow', url: '*.ico' } # enable icos + - { type: 'allow', url: '*.js' } # enable javascript + - { type: 'allow', url: '*.png' } # enable png + - { type: 'allow', url: '*.swf' } # enable flash + - { type: 'allow', url: '*.jpg' } # enable jpg + - { type: 'allow', url: '*.jpeg' } # enable jpeg + - { type: 'allow', url: '*.svg' } # enable svg + - { type: 'allow', url: '*.ttf' } # enable ttf + - { type: 'allow', url: '*.woff' } # enable woff + - { type: 'allow', url: '*.woff2' } # enable woff2 + - { type: 'allow', url: '*.eot' } # enable eot + - { type: 'allow', url: '*.pdf' } # enable pdf + - { type: 'allow', url: '*.wmv' } # enable wmv + - { type: 'allow', url: '*.psd' } # enable psd (Adobe Photoshop Dokument) + - { type: 'allow', url: '*.tif' } # enable tif + - { type: 'allow', url: '*.indd' } # enable indd (Adobe Indesign Dokument) + # Enable features + - { type: 'allow', url: '/libs/cq/personalization/*' } # enable personalization + - { type: 'allow', url: '*.assetlibrary.json' } # enable asset library JSON API + # Security Rules + - { type: 'deny', url: '/etc/' } + - { type: 'deny', url: '/libs/' } + - { type: 'allow', url: '/etc/designs/*' } + - { type: 'allow', url: '/etc/clientlibs/*' } + - { type: 'allow', url: '/etc/segmentation.segment.js' } + - { type: 'allow', url: '/libs/cq/personalization/components/clickstreamcloud/content/config.json' } + - { type: 'allow', url: '/libs/wcm/stats/tracker.js' } + - { type: 'allow', url: '/libs/cq/personalization/*' } # (JS, CSS and JSON) + - { type: 'allow', url: '/libs/cq/security/userinfo.json' } # (CQ user information) + - { type: 'allow', url: '/libs/granite/security/currentuser.json' } # (data must not be cached) + - { type: 'allow', url: '/libs/cq/i18n/*' } # (Internalization) + # CSRF + - { type: 'allow', url: '/libs/granite/csrf/token.json' } + # Deny content grabbing + - { type: 'deny', url: '*.infinity.json' } + - { type: 'deny', url: '*.tidy.json' } + - { type: 'deny', url: '*.sysview.xml' } + - { type: 'deny', url: '*.docview.json' } + - { type: 'deny', url: '*.docview.xml' } + - { type: 'deny', url: '*.*[0-9].json' } + # Deny query + - { type: 'deny', url: '*.query.json' } + cache_docroot: '/var/www/html/cache' + cache_rules: + - { type: 'allow', glob: '*' } + cache_invalidate: + - { type: 'deny', glob: '*' } + - { type: 'allow', glob: '*.html' } + - { type: 'allow', glob: '/etc/segmentation.segment.js' } + - { type: 'allow', glob: '*/analytics.sitecatalyst.js' } + cache_allowedClients: + - { type: 'deny', glob: '*' } + - { type: 'allow', glob: '127.0.0.1' } + cache_headers: + - 'X-Content-Type-Options' + - 'X-Frame-Options' + - 'X-XSS-Protection' + - 'Last-Modified' + - 'Expires' + - 'Content-Type' + - 'Access-Control-Allow-Origin'