/opt/rudder/etc/htpasswd-webdav
.
rudder:vHBLbrOyfEWFg
/opt/rudder/etc/inventory-web.properties
.
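##
# Default configuration file for the application.
# You can define the location of this file by
# setting the "inventoryweb.configFile" JVM property,
# for example:
# java .... -Dinventoryweb.configFile=/opt/rudder/etc/inventory-web.conf
#
# Format: Java properties, one "key=value" per line, full-line "#" comments.
# NOTE(review): this file holds a directory bind password in clear text; keep
# it readable only by the account that runs the application.
##

#
## LDAP related configuration
#

# LDAP directory connection information
# NOTE(review): port 389 with a bind DN and password, and nothing in this file
# enables TLS. That is contained while ldap.host stays "localhost"; if the
# directory is ever moved to another host, protect the connection first.
ldap.host=localhost
ldap.port=389
# NOTE(review): this looks like the "rootdn" declared in the bundled slapd.conf,
# which slapd exempts from all access control. Confirm whether the application
# needs that level, or whether a dedicated, ACL-limited account would do.
ldap.authdn=cn=Manager,cn=rudder-configuration
# NOTE(review): packaged default, the same literal as "rootpw" in the bundled
# slapd.conf. Replace it with a unique value at install time and keep the two
# sides in sync.
ldap.authpw=secret

# inventories information
ldap.inventories.software.basedn=ou=Inventories,cn=rudder-configuration
ldap.inventories.accepted.basedn=ou=Accepted Inventories,ou=Inventories,cn=rudder-configuration
ldap.inventories.pending.basedn=ou=Pending Inventories,ou=Inventories,cn=rudder-configuration

# where to store LDIF inventory versions
history.inventories.rootdir=/var/rudder/inventories/historical

# where to store debug information about LDAP modification requests
# NOTE(review): these traces presumably contain the data written to the
# directory; restrict access to this path accordingly.
ldif.tracelog.rootdir=/var/rudder/inventories/debug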
/opt/rudder/etc/logback.xml
.
<configuration>
  <!--
    This is the default logging configuration file. It is used when the
    "logback.configurationFile" JVM option is not specified.
    For example, to use a logging configuration file in "/etc/rudder":
      java ... -Dlogback.configurationFile=/etc/rudder/logback.xml

    Full information about the file format is available on the project web site:
    http://logback.qos.ch/manual/configuration.html#syntax
  -->

  <!--
    Appender configuration - where and how to write logs, in SLF4J terms.
    ===================================================================
    Our default configuration: log to the stdout appender so that our logs
    are managed by the container log system (and so, if Tomcat/Jetty/etc
    logs are stored in files and rotated, so is our log information).

    Log format is:
    - date/time/thread of the log on 30 chars (fixed)
    - log level on 5 chars (fixed)
    - name of the logger (and so the class) on 36 chars, with package name folding
    - log message follows
    - limit exception trace to 30 calls

    You should not have to modify that.
  -->
  <appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
    <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
      <Pattern>%-30(%d{HH:mm:ss.SSS} [%thread]) %-5level %logger{36} - %msg%n%xEx{30}</Pattern>
    </encoder>
  </appender>

  <!--
    Manage the global log level of the application.
    ===============================================
    That level is used for all logs that are not more precisely defined
    below (i.e. those for which no <logger name="...." level="..."/> is defined).

    Available log levels are:
      trace < debug < info < warn < error < off
    "off" completely shuts down logging for the given logger.

    Do not modify the appender part if you don't know what you are doing.
  -->
  <root level="info">
    <appender-ref ref="STDOUT" />
  </root>

  <!--
    Debug LDAP write operations
    ===========================
    This logger traces LDAP write operations and outputs them to LDIF files
    (the output directory path is configured in the main configuration file).
    The trace is done only if the level is set to "trace".

    WARNING: setting the level to trace may cause major performance issues,
    as A LOT of LDIF files will have to be written. Activate this logger only
    for debugging purposes.

    NOTE(review): the LDIF traces presumably contain the data being written
    to the directory, so treat the output directory as sensitive (restrict it
    to the application account) and set the level back to "off" once the
    debugging session is over.
  -->
  <logger name="trace.ldif.in.file" level="off" />

  <!-- ==================================================== -->
  <!-- YOU SHOULD NOT HAVE TO CHANGE THINGS BELOW THAT LINE -->
  <!-- ==================================================== -->

  <!--
    Display AJAX information of the Web interface
    =============================================
    Whatever the root logger level is, you are unlikely to want this
    information. Set the level to debug if you are really interested in
    AJAX-related debug messages.
  -->
  <logger name="comet_trace" level="info" />

  <!--
    Spring Framework log level
    ==========================
    We really don't want to see SpringFramework debug info, whatever the
    root logger level is - it's an internal component only.
  -->
  <logger name="org.springframework" level="warn" />

  <!--
    We don't need timing information for each HTTP request.
    If you want this information, set the log level for that logger
    to (at least) "info".
  -->
  <logger name="net.liftweb.util.TimeHelpers" level="warn" />
</configuration>
/opt/rudder/etc/openldap/slapd.conf
.
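#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
# NOTE(review): it carries the rootdn password ("rootpw" below), so restrict
# it to the account that runs slapd.
#
include /opt/rudder/etc/openldap/schema/core.schema
include /opt/rudder/etc/openldap/schema/cosine.schema
include /opt/rudder/etc/openldap/schema/nis.schema
include /opt/rudder/etc/openldap/schema/dyngroup.schema
include /opt/rudder/etc/openldap/schema/inventory.schema
include /opt/rudder/etc/openldap/schema/rudder.schema

loglevel none stats

# Define global ACLs to disable default read access.
# NOTE(review): no "access" directive appears in the configuration shown here,
# so the default policy described below ("access to * by * read") applies:
# every client that can reach slapd, anonymous ones included, can read the
# directory. Add explicit ACLs (and check which interfaces slapd listens on)
# before the service is reachable from anything but localhost.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /var/rudder/run/slapd.pid
argsfile /var/rudder/run/slapd.args

# Load dynamic modules for backends and overlays:
modulepath /opt/rudder/libexec/openldap/
moduleload back_hdb.la
moduleload back_monitor.la
moduleload dynlist.la

# Sample security restrictions
#	Require integrity protection (prevent hijacking)
#	Require 112-bit (3DES or better) encryption for updates
#	Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# NOTE(review): the sample above is commented out, so no minimum security
# strength is enforced; simple binds (such as the manager bind configured in
# the Rudder properties files) are accepted without transport protection.

# Sample access control policy:
#	Root DSE: allow anyone to read it
#	Subschema (sub)entry DSE: allow anyone to read it
#	Other DSEs:
#		Allow self write access
#		Allow authenticated users read access
#		Allow anonymous users to authenticate
#	Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
#	by self write
#	by users read
#	by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn.  (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

##############################################
# Global overlays (available on all databases)
##############################################
overlay dynlist
dynlist-attrset dynGroup memberURL

#######################################################################
# BDB database definitions
#######################################################################

database hdb
suffix "cn=rudder-configuration"
rootdn "cn=Manager,cn=rudder-configuration"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
# NOTE(review): packaged default in clear text, and the same literal as
# "ldap.authpw" in the Rudder properties files. Replace it at install time
# with a unique value stored as a slappasswd(8) hash, and update the
# properties files to match.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/rudder/ldap/openldap-data

# Checkpoint the database every minute; the first argument (kbytes written)
# is 0, so the size-based trigger is not used.
checkpoint 0 1

# Indices to maintain
index objectClass eq
index confirmed eq
index uuid,machineUuid,nodeId,machine,hostedVm,container,node,software eq
index mountPoint,softwareVersion,cn eq
index member eq

# Monitor backend (loaded above as back_monitor).
# NOTE(review): no ACL is attached to it here either, so it falls under the
# same default read policy as the rest of the directory.
database monitor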
/opt/rudder/etc/reportsInfo.xml
.
<ReportsInfoStore> </ReportsInfoStore>
/opt/rudder/etc/rudder-users.xml
.
<!--
  Authorizations

  You must define a role attribute for every user you add.
  A role is defined by a list of authorizations separated by commas.
  There are two kinds of authorizations:

  Predefined authorizations

    There are 7 predefined authorization levels:
      - administrator (all rights)
      - administration_only (all administration)
      - user (all node, configuration)
      - configuration (all configuration)
      - read_only (read all)
      - compliance (read rule)
      - inventory (read node)

    There are three predefined roles for change request rights:
      - validator (can validate changes)
      - deployer (can deploy changes)
      - workflow (both deployer and validator)
    The administrator role includes the workflow ones.

  Custom authorizations

    Custom authorizations are composed of two elements:
      - A type of authorization, which defines what is concerned.
        There are 10 types: node, group, deployement, administration,
        configuration, rule, technique, directive, validator and deployer.
      - A level of authorization. Levels are: read, write, edit,
        all (read, write, edit).
        They are not inclusive (write and edit don't include read).

    A custom authorization has the format "type_level",
    like "node_all" or "group_read".

  Examples

    <user name="alice" password="xxxxxxx" role="administrator" />
    <user name="bob" password="xxxxxxx" role="read_only"/>
    <user name="carol" password="xxxxxxx" role="user,validator"/>

    <user name="custom" password="custom" role="node_all,configuration_read,rule_read,rule_edit,directive_read,technique_read"/>
      - can read everything but administration, groups and deployement
      - can do everything about node

  Examples of bad lines

    <user name="" password="secret2" role="administrator"/>
    <user name="name" password="" role="administrator"/>

  NOTE(review): the examples carry the password directly in the "password"
  attribute, so this file should be readable only by the account that runs
  the application. Do not reuse the example values (for instance a password
  equal to the user name), and grant "administrator" only where the narrower
  roles above are not enough. Whether this version accepts hashed password
  values is not visible here; check the Rudder documentation.
-->
/opt/rudder/etc/rudder-web.properties
.
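##
# Default configuration file for the application.
# You can define the location of the file by
# setting the "rudder.configFile" JVM property,
# for example:
# java .... -Drudder.configFile=/opt/rudder/etc/rudder-web.conf
#
# Format: Java properties, one "key=value" per line, full-line "#" comments.
# NOTE(review): this file holds the directory bind password and the database
# password in clear text; keep it readable only by the account that runs the
# application.
##

##
# Application information
##

# Define this property if you are behind a proxy
# or anything that makes the URL served by the
# servlet container different from the public one.
# Note: if defined, it must not end with /
# Leave blank to use the default value.
# NOTE(review): the value below is a plain http URL. If the web interface is
# really served at this address, logins travel unencrypted; prefer an https
# URL behind a TLS-terminating front end.
base.url=http://rudder-debian/rudder

##
# LDAP properties
##

# LDAP directory connection information
# NOTE(review): port 389 with a bind DN and password, and nothing in this file
# enables TLS. That is contained while ldap.host stays "localhost".
ldap.host=localhost
ldap.port=389
# NOTE(review): this looks like the "rootdn" declared in the bundled slapd.conf,
# which slapd exempts from all access control. Confirm whether the application
# needs that level, or whether a dedicated, ACL-limited account would do.
ldap.authdn=cn=manager,cn=rudder-configuration
# NOTE(review): packaged default, the same literal as "rootpw" in the bundled
# slapd.conf. Replace it with a unique value at install time and keep the two
# sides in sync.
ldap.authpw=secret

# inventories information
ldap.inventories.software.basedn=ou=Inventories, cn=rudder-configuration
ldap.inventories.accepted.basedn=ou=Accepted Inventories, ou=Inventories, cn=rudder-configuration
ldap.inventories.pending.basedn=ou=Pending Inventories, ou=Inventories, cn=rudder-configuration

# Base DN for Rudder Data
ldap.rudder.base=ou=Rudder, cn=rudder-configuration

# Base DN (the ou=Node is already given by the DIT)
ldap.node.base=cn=rudder-configuration

# directory where LDIF traces of LDAP modify requests are
# stored when loglevel is 'trace'
# NOTE(review): these traces presumably contain the data written to the
# directory; restrict access to this path accordingly.
ldif.tracelog.rootdir=/var/rudder/inventories/debug

##
# Other Rudder Configuration properties
##

#
# directory used as root directory to store LDIF dumps
# of historised inventories
history.inventories.rootdir=/var/rudder/inventories/historical

##
# Upload directory
##

# directory where new uploaded files are stored
upload.root.directory=/var/rudder/files/

##
# Emergency stop
##

# path to the script/binary that allows emergency orchestrator stop
# NOTE(review): the application executes this path, so the script and its
# parent directories should be writable only by root.
bin.emergency.stop=/opt/rudder/bin/cfe-red-button.sh

##
# Promise writer directory configuration
##

rudder.dir.config=/opt/rudder/etc/
rudder.dir.policyPackages=/opt/rudder/share/policy-templates
rudder.dir.licensesFolder=/opt/rudder/etc/licenses
rudder.dir.policies=/var/rudder/
rudder.dir.backup=/var/rudder/backup/
rudder.dir.dependencies=/var/rudder/tools/
rudder.dir.sharing=/var/rudder/files/
rudder.dir.lock=/var/rudder/lock/

rudder.endpoint.cmdb=http://localhost:8080/endpoint/upload/

# Port used by the community edition
rudder.community.port=5309

rudder.jdbc.driver=org.postgresql.Driver
rudder.jdbc.url=jdbc:postgresql://localhost:5432/rudder
rudder.jdbc.username=rudder
# NOTE(review): packaged default database password in clear text. Set a unique
# value at install time (here and on the PostgreSQL role); the JDBC URL points
# at localhost, so the database does not need to accept remote connections
# for this account.
rudder.jdbc.password=Normation

#
# Destination directory for files distributed
# with the copyFile policy
#
policy.copyfile.destination.dir=/some/default/destination/directory/

#
# Command line to check the promises generated
#
rudder.community.checkpromises.command=/var/rudder/cfengine-community/bin/cf-promises
# NOTE(review): /bin/true always exits successfully, so with this value the
# "nova" check accepts whatever was generated. Presumably intentional when
# that edition is not in use; confirm before relying on it as a validation step.
rudder.nova.checkpromises.command=/bin/true

#
# Interval of time between two dynamic group update batches
# Expects an int (amount of minutes)
#
rudder.batch.dyngroup.updateInterval=5

#
# Interval of time (in seconds) between two checks
# for a policy template library update (a commit)
# 300s = 5 minutes
#
rudder.batch.ptlib.updateInterval=300

#
# Configure the refs path to use for the git repository for
# the Policy Template Reference Library.
# The default is to use "refs/heads/master" (the local master
# branch).
# You have to use the full ref path.
rudder.ptlib.git.refs.path=refs/heads/master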