Revision f56a3067
Added by Alexis Mousset over 7 years ago
rudder-server-relay/SOURCES/rudder-apache-relay-common.conf | ||
---|---|---|
DocumentRoot /var/www
|
||
|
||
<FilesMatch "\.(cgi|shtml|phtml|php)$">
|
||
SSLOptions +StdEnvVars
|
||
</FilesMatch>
|
||
<Directory /usr/lib/cgi-bin>
|
||
SSLOptions +StdEnvVars
|
||
</Directory>
|
||
|
||
# Expose the server UUID through http
|
||
Alias /uuid /opt/rudder/etc/uuid.hive
|
||
<Directory /opt/rudder/etc>
|
||
<IfVersion < 2.4>
|
||
Order deny,allow
|
||
Allow From all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all granted
|
||
</IfVersion>
|
||
</Directory>
|
||
|
||
# WebDAV share to receive inventories
|
||
Alias /inventories /var/rudder/inventories/incoming
|
||
<Directory /var/rudder/inventories/incoming>
|
||
|
||
DAV on
|
||
|
||
AuthName "WebDAV Storage"
|
||
AuthType Basic
|
||
AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial
|
||
|
||
Require valid-user
|
||
|
||
# rudder-networks.conf / rudder-networks-24.conf is automatically
|
||
# generated according to the hosts allowed by rudder.
|
||
<IfVersion < 2.4>
|
||
Order allow,deny
|
||
Include /opt/rudder/etc/rudder-networks.conf
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Include /opt/rudder/etc/rudder-networks-24.conf
|
||
</IfVersion>
|
||
|
||
<LimitExcept PUT>
|
||
<IfVersion < 2.4>
|
||
Order deny,allow
|
||
Deny from all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all denied
|
||
</IfVersion>
|
||
</LimitExcept>
|
||
|
||
</Directory>
|
||
|
||
# WebDAV share to receive inventories
|
||
Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
|
||
<Directory /var/rudder/inventories/accepted-nodes-updates>
|
||
|
||
DAV on
|
||
|
||
AuthName "WebDAV Storage"
|
||
AuthType Basic
|
||
AuthUserFile /opt/rudder/etc/htpasswd-webdav
|
||
|
||
Require valid-user
|
||
|
||
# rudder-networks.conf / rudder-networks-24.conf is automatically
|
||
# generated according to the hosts allowed by rudder.
|
||
<IfVersion < 2.4>
|
||
Order allow,deny
|
||
Include /opt/rudder/etc/rudder-networks.conf
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Include /opt/rudder/etc/rudder-networks-24.conf
|
||
</IfVersion>
|
||
|
||
<LimitExcept PUT>
|
||
<IfVersion < 2.4>
|
||
Order deny,allow
|
||
Deny from all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all denied
|
||
</IfVersion>
|
||
</LimitExcept>
|
||
|
||
</Directory>
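Review bot: `<Directory /opt/rudder/etc>` with `Allow From all` / `Require all granted` opens the whole configuration directory in order to serve one aliased file (`Alias /uuid /opt/rudder/etc/uuid.hive`). Other lines on this page place `htpasswd-webdav`, `htpasswd-webdav-initial` and the `ssl/` key material in that directory, so any later Alias or DocumentRoot change that maps into it would serve them with no further access check. Scoping the grant to the single file, by wrapping the two IfVersion blocks in `<Files "uuid.hive">` inside the Directory, limits the exposure to what the comment describes. This assumes the section is the file the commit adds, as the spec and debian/rules changes suggest; the page does not show which side each line is on.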
|
rudder-server-relay/SOURCES/rudder-relay-apache-common.conf | ||
---|---|---|
|
||
DocumentRoot /var/www
|
||
|
||
# Expose the server UUID through http
|
||
Alias /uuid /opt/rudder/etc/uuid.hive
|
||
<Directory /opt/rudder/etc>
|
||
<IfVersion < 2.4>
|
||
Order deny,allow
|
||
Allow From all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all granted
|
||
</IfVersion>
|
||
</Directory>
|
||
|
||
# WebDAV share to receive inventories
|
||
Alias /inventories /var/rudder/inventories/incoming
|
||
<Directory /var/rudder/inventories/incoming>
|
||
|
||
DAV on
|
||
|
||
AuthName "WebDAV Storage"
|
||
AuthType Basic
|
||
AuthUserFile /opt/rudder/etc/htpasswd-webdav-initial
|
||
|
||
Require valid-user
|
||
|
||
# rudder-networks.conf / rudder-networks-24.conf is automatically
|
||
# generated according to the hosts allowed by rudder.
|
||
<IfVersion < 2.4>
|
||
Order allow,deny
|
||
Include /opt/rudder/etc/rudder-networks.conf
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Include /opt/rudder/etc/rudder-networks-24.conf
|
||
</IfVersion>
|
||
|
||
<LimitExcept PUT>
|
||
Require all denied
|
||
</LimitExcept>
|
||
|
||
</Directory>
|
||
|
||
# WebDAV share to receive inventories
|
||
Alias /inventory-updates /var/rudder/inventories/accepted-nodes-updates
|
||
<Directory /var/rudder/inventories/accepted-nodes-updates>
|
||
|
||
DAV on
|
||
|
||
AuthName "WebDAV Storage"
|
||
AuthType Basic
|
||
AuthUserFile /opt/rudder/etc/htpasswd-webdav
|
||
|
||
Require valid-user
|
||
|
||
# rudder-networks.conf / rudder-networks-24.conf is automatically
|
||
# generated according to the hosts allowed by rudder.
|
||
<IfVersion < 2.4>
|
||
Order allow,deny
|
||
Include /opt/rudder/etc/rudder-networks.conf
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Include /opt/rudder/etc/rudder-networks-24.conf
|
||
</IfVersion>
|
||
|
||
<LimitExcept PUT>
|
||
Require all denied
|
||
</LimitExcept>
|
||
|
||
</Directory>
|
||
|
rudder-server-relay/SOURCES/rudder-relay-vhost-ssl.conf | ||
---|---|---|
<VirtualHost *:443>
|
||
|
||
ServerAdmin webmaster@localhost
|
||
|
||
# Include Rudder common vhost definitions
|
||
Include /opt/rudder/etc/rudder-relay-apache-common.conf
|
||
|
||
# Logs
|
||
ErrorLog /var/log/rudder/apache2/error.log
|
||
LogLevel warn
|
||
CustomLog /var/log/rudder/apache2/access.log combined
|
||
|
||
# SSL Engine Switch:
|
||
# Enable/Disable SSL for this virtual host.
|
||
SSLEngine on
|
||
|
||
SSLCertificateFile /opt/rudder/etc/ssl/rudder-relay.crt
|
||
SSLCertificateKeyFile /opt/rudder/etc/ssl/rudder-relay.key
|
||
|
||
</VirtualHost>
|
rudder-server-relay/SOURCES/rudder-relay-vhost.conf | ||
---|---|---|
<VirtualHost *:80>
|
||
|
||
ServerAdmin webmaster@localhost
|
||
|
||
# Include Rudder common vhost definitions
|
||
Include /opt/rudder/etc/rudder-relay-apache-common.conf
|
||
|
||
# Logs
|
||
LogLevel warn
|
||
|
||
CustomLog /var/log/rudder/apache2/access.log combined
|
||
ErrorLog /var/log/rudder/apache2/error.log
|
||
|
||
</VirtualHost>
|
rudder-server-relay/SOURCES/rudder-vhost.conf | ||
---|---|---|
<VirtualHost *:80>
|
||
|
||
ServerAdmin webmaster@localhost
|
||
|
||
# Logs
|
||
LogLevel warn
|
||
CustomLog /var/log/rudder/apache2/access.log combined
|
||
ErrorLog /var/log/rudder/apache2/error.log
|
||
|
||
# Include Rudder common vhost definitions
|
||
Include /opt/rudder/etc/rudder-apache-*-common.conf
|
||
Include /opt/rudder/etc/rudder-apache-*-nossl.conf
|
||
|
||
</VirtualHost>
|
||
|
||
<VirtualHost *:443>
|
||
|
||
ServerAdmin webmaster@localhost
|
||
|
||
# Logs
|
||
LogLevel warn
|
||
CustomLog /var/log/rudder/apache2/access.log combined
|
||
ErrorLog /var/log/rudder/apache2/error.log
|
||
|
||
# SSL Engine Switch:
|
||
# Enable/Disable SSL for this virtual host.
|
||
SSLEngine on
|
||
|
||
SSLCertificateFile /opt/rudder/etc/ssl/rudder.crt
|
||
SSLCertificateKeyFile /opt/rudder/etc/ssl/rudder.key
|
||
|
||
# Include Rudder common vhost definitions
|
||
Include /opt/rudder/etc/rudder-apache-*-common.conf
|
||
Include /opt/rudder/etc/rudder-apache-*-ssl.conf
|
||
|
||
</VirtualHost>
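Review bot: The port-80 vhost takes its HTTP-to-HTTPS redirect from the glob `rudder-apache-*-nossl.conf`, but the rudder-webapp spec further down this page copies that file to `rudder-apache-webapp-no-ssl.conf`, which the glob does not match. If that copy line is on the new side, RPM installs load no redirect rules and requests for `/rudder` on port 80 are never sent to HTTPS; the installed name should be `rudder-apache-webapp-nossl.conf`. Separately, the `*:443` vhost sets only `SSLEngine on` and the certificate paths, so protocol and cipher selection come from the distribution defaults. An explicit `SSLProtocol`/`SSLCipherSuite` policy, or a comment saying the defaults are relied on, would make that choice visible.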
|
rudder-server-relay/SPECS/rudder-server-relay.spec | ||
---|---|---|
|
||
Group: Applications/System
|
||
|
||
Source1: rudder-relay-vhost.conf
|
||
Source1: rudder-vhost.conf
|
||
Source2: rudder-networks.conf
|
||
Source3: rudder-networks-24.conf
|
||
Source4: rudder-relay-vhost-ssl.conf
|
||
Source5: rudder-relay-apache-common.conf
|
||
Source5: rudder-apache-relay-common.conf
|
||
Source6: rudder-relay-apache
|
||
|
||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||
... | ... | |
|
||
## General
|
||
BuildRequires: python, python-devel
|
||
Requires: rudder-agent, rsyslog, openssl, %{apache}, %{apache_tools}, python
|
||
Requires: rudder-agent >= %{real_epoch}:%{real_version}, rsyslog, openssl, %{apache}, %{apache_tools}, python
|
||
|
||
## RHEL
|
||
%if 0%{?rhel}
|
||
... | ... | |
install -m 644 %{_sourcedir}/relay-api/apache/relay-api.conf %{buildroot}/etc/%{apache_vhost_dir}/relay-api.conf
|
||
|
||
# Others
|
||
install -m 644 %{SOURCE1} %{buildroot}/etc/%{apache_vhost_dir}/rudder-relay-vhost.conf
|
||
install -m 644 %{SOURCE4} %{buildroot}/etc/%{apache_vhost_dir}/rudder-relay-vhost-ssl.conf
|
||
install -m 644 %{SOURCE5} %{buildroot}%{rudderdir}/etc/rudder-relay-apache-common.conf
|
||
install -m 644 %{SOURCE1} %{buildroot}/etc/%{apache_vhost_dir}/rudder.conf
|
||
install -m 644 %{SOURCE5} %{buildroot}%{rudderdir}/etc/rudder-apache-relay-common.conf
|
||
install -m 644 %{SOURCE6} %{buildroot}/etc/sysconfig/rudder-relay-apache
|
||
|
||
# Copy stub rudder-networks*.conf
|
||
... | ... | |
service %{apache} stop > /dev/null && echo " Done"
|
||
%endif
|
||
%if 0%{?rhel} >= 7
|
||
/bin/systemctl stop %{apache}.service && echo " Done"
|
||
/bin/systemctl stop %{apache}.service && echo " Done"
|
||
%endif
|
||
|
||
%if 0%{?suse_version}
|
||
... | ... | |
|
||
# Do this ONLY at first install
|
||
if [ $1 -eq 1 ]; then
|
||
echo -e '# This sources the configuration file needed by Rudder\n. /etc/sysconfig/rudder-relay-apache' >> /etc/sysconfig/apache2
|
||
echo 'DAVLockDB /tmp/davlock.db' > /etc/%{apache}/conf.d/dav_mod.conf
|
||
fi
|
||
|
||
# Add required includes in the SLES apache2 configuration
|
||
%if 0%{?suse_version}
|
||
# Add required includes in the apache2 configuration
|
||
if ! grep -qE "^. /etc/sysconfig/rudder-relay-apache$" /etc/sysconfig/apache2; then
|
||
echo -e '#¬This sources the modules/defines needed by Rudder\n. /etc/sysconfig/rudder-relay-apache' >> /etc/sysconfig/apache2
|
||
echo -e '# This sources the modules/defines needed by Rudder\n. /etc/sysconfig/rudder-relay-apache' >> /etc/sysconfig/apache2
|
||
fi
|
||
%endif
|
||
|
||
# Remove old includes in the SLES apache2 configuration
|
||
if [ -f /etc/sysconfig/apache2 ]; then
|
||
if grep -qE "^. /etc/sysconfig/rudder-apache$" /etc/sysconfig/apache2; then
|
||
sed -i "/. \/etc\/sysconfig\/rudder-apache/d" /etc/sysconfig/apache2
|
||
fi
|
||
fi
|
||
|
||
# On SLES, change the Apache DocumentRoot to the OS default
|
||
sed -i "s%^DocumentRoot /var/www$%DocumentRoot /srv/www%" %{buildroot}%{rudderdir}/etc/rudder-apache-relay-common.conf
|
||
%endif
|
||
|
||
# Create inventory repositories and add rights to the apache user to
|
||
# access /var/rudder/inventories/incoming
|
||
... | ... | |
%{htpasswd_cmd} -bc ${passwdfile} rudder rudder >/dev/null 2>&1
|
||
done
|
||
|
||
# Generate the SSL certificates if needed
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder-relay.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder-relay.key ]; then
|
||
# Migrate existing certificates
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder.key ]; then
|
||
for source in relay webapp; do
|
||
if [ -f /opt/rudder/etc/ssl/rudder-${source}.crt ] && [ -f /opt/rudder/etc/ssl/rudder-${source}.key ]; then
|
||
echo -n "INFO: Importing existing ${source} certificates..."
|
||
mv /opt/rudder/etc/ssl/rudder-${source}.crt /opt/rudder/etc/ssl/rudder.crt
|
||
mv /opt/rudder/etc/ssl/rudder-${source}.key /opt/rudder/etc/ssl/rudder.key
|
||
echo " Done"
|
||
fi
|
||
done
|
||
fi
|
||
|
||
# Generate certificates if needed
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder.key ]; then
|
||
echo -n "INFO: No usable SSL certificate detected for Rudder HTTP/S support, generating one automatically..."
|
||
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder-relay.key -out /opt/rudder/etc/ssl/rudder-relay.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
chgrp %{apache_group} /opt/rudder/etc/ssl/rudder-relay.key && chmod 640 /opt/rudder/etc/ssl/rudder-relay.key
|
||
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder.key -out /opt/rudder/etc/ssl/rudder.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
chgrp %{apache_group} /opt/rudder/etc/ssl/rudder.key && chmod 640 /opt/rudder/etc/ssl/rudder.key
|
||
echo " Done"
|
||
fi
|
||
|
||
# Move old virtual hosts out of the way
|
||
for OLD_VHOST in rudder-default rudder-default-ssl rudder-default.conf rudder-default-ssl.conf rudder-vhost.conf rudder-vhost-ssl.conf rudder-relay-vhost.conf rudder-relay-vhost-ssl.conf; do
|
||
if [ -f /etc/%{apache_vhost_dir}/${OLD_VHOST} ]; then
|
||
echo -n "INFO: An old rudder virtual host file has been detected (${OLD_VHOST}), it will be moved to /var/backups."
|
||
mkdir -p /var/backups
|
||
mv /etc/%{apache_vhost_dir}/${OLD_VHOST} /var/backups/${OLD_VHOST}-$(date +%s)
|
||
echo " Done"
|
||
fi
|
||
done
|
||
|
||
echo -n "INFO: Starting Apache HTTPd..."
|
||
%if 0%{?rhel} < 7
|
||
service %{apache} start > /dev/null && echo " Done"
|
||
... | ... | |
/bin/systemctl start %{apache}.service && echo " Done"
|
||
%endif
|
||
|
||
|
||
# Do this ONLY at first install
|
||
if [ $1 -eq 1 ]
|
||
then
|
||
... | ... | |
echo "*****************************************************************************************"
|
||
echo "INFO: rudder-server-relay setup complete. "
|
||
echo "INFO: "
|
||
echo "INFO: Now run '/opt/rudder/bin/rudder-node-to-relay $(cat %{rudderdir}/etc/uuid.hive)' "
|
||
echo "INFO: on your root server to complete this node transition to a relay server. "
|
||
echo "INFO: "
|
||
echo "INFO: Please look at the documentation for details (Section 'Relay servers') "
|
||
echo "INFO: * If you are installing a root server, configuration is automatically done "
|
||
echo "INFO: * If you are installing a simple relay, run: "
|
||
echo "INFO: '/opt/rudder/bin/rudder-node-to-relay $(cat /opt/rudder/etc/uuid.hive)' "
|
||
echo "INFO: on your root server to complete this node transition to a relay server. "
|
||
echo "INFO: Please look at the documentation for details (Section 'Relay servers') "
|
||
echo "*****************************************************************************************"
|
||
fi
|
||
|
||
... | ... | |
%defattr(-, root, root, 0755)
|
||
%{rudderdir}/etc/
|
||
/etc/%{apache_vhost_dir}/
|
||
%config(noreplace) /etc/%{apache_vhost_dir}/rudder-relay-vhost.conf
|
||
%config(noreplace) /etc/%{apache_vhost_dir}/rudder-relay-vhost-ssl.conf
|
||
%config(noreplace) %{rudderdir}/etc/rudder-relay-apache-common.conf
|
||
%config(noreplace) /etc/%{apache_vhost_dir}/rudder-vhost.conf
|
||
%config(noreplace) %{rudderdir}/etc/rudder-relay-apache-relay-common.conf
|
||
%config(noreplace) %{rudderdir}/etc/rudder-networks.conf
|
||
%config(noreplace) %{rudderdir}/etc/rudder-networks-24.conf
|
||
%config(noreplace) /etc/sysconfig/rudder-relay-apache
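Review bot: The migration loop `for source in relay webapp; do` does not stop after the first import, so on a host that holds both `rudder-relay.*` and `rudder-webapp.*` the second iteration's `mv` silently replaces the `rudder.crt`/`rudder.key` just imported and the relay key is lost without a backup. Add a `break` after the first successful import, or guard each iteration with `[ ! -f /opt/rudder/etc/ssl/rudder.key ]`, and leave the unused pair in place. The same loop appears in debian/postinst. The `%files` entries `rudder-relay-apache-relay-common.conf` and `rudder-vhost.conf` also differ from the names the `install` lines use (`rudder-apache-relay-common.conf`, `rudder.conf`), which should be checked against the new side of the diff.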
|
rudder-server-relay/debian/conffiles | ||
---|---|---|
/etc/apache2/sites-available/rudder-relay-vhost
|
||
/etc/apache2/sites-available/rudder-relay-vhost-ssl
|
||
/opt/rudder/etc/rudder-relay-apache-common.conf
|
||
/etc/apache2/sites-available/rudder.conf
|
||
/opt/rudder/etc/rudder-apache-relay-common.conf
|
||
/opt/rudder/etc/rudder-networks.conf
|
||
/opt/rudder/etc/rudder-networks-24.conf
|
rudder-server-relay/debian/control | ||
---|---|---|
|
||
Package: rudder-server-relay
|
||
Architecture: any
|
||
Depends: ${shlibs:Depends}, ${misc:Depends}, python, rudder-agent, apache2, apache2-utils, rsyslog, openssl, libapache2-mod-wsgi
|
||
Depends: ${shlibs:Depends}, ${misc:Depends}, python, rudder-agent (>= ${binary:Version}), apache2, apache2-utils, rsyslog, openssl, libapache2-mod-wsgi
|
||
Description: Configuration management and audit tool - Server relay package
|
||
Rudder is an open source configuration management and audit solution.
|
||
.
|
||
This package is required to setup a Rudder relay server.
|
||
This package is required to setup a Rudder policy server.
|
rudder-server-relay/debian/links | ||
---|---|---|
/etc/apache2/sites-available/rudder-relay-vhost /etc/apache2/sites-available/rudder-relay-vhost.conf
|
||
/etc/apache2/sites-available/rudder-relay-vhost-ssl /etc/apache2/sites-available/rudder-relay-vhost-ssl.conf
|
rudder-server-relay/debian/postinst | ||
---|---|---|
echo " Done"
|
||
fi
|
||
|
||
SITES_TO_DISABLE="default 000-default default-ssl"
|
||
SITES_TO_ENABLE="rudder-relay-vhost rudder-relay-vhost-ssl"
|
||
SITES_TO_DISABLE="default 000-default default-ssl rudder-vhost rudder-vhost-ssl rudder-relay-vhost rudder-relay-vhost-ssl"
|
||
SITES_TO_ENABLE="rudder"
|
||
|
||
MODULES_TO_ENABLE="dav dav_fs ssl wsgi"
|
||
|
||
... | ... | |
htpasswd -bc ${passwdfile} rudder rudder >/dev/null 2>&1
|
||
done
|
||
|
||
# Generate the SSL certificates if needed
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder-relay.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder-relay.key ]; then
|
||
# Migrate existing certificates
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder.key ]; then
|
||
for source in relay webapp; do
|
||
if [ -f /opt/rudder/etc/ssl/rudder-${source}.crt ] && [ -f /opt/rudder/etc/ssl/rudder-${source}.key ]; then
|
||
echo -n "INFO: Importing existing ${source} certificates..."
|
||
mv /opt/rudder/etc/ssl/rudder-${source}.crt /opt/rudder/etc/ssl/rudder.crt
|
||
mv /opt/rudder/etc/ssl/rudder-${source}.key /opt/rudder/etc/ssl/rudder.key
|
||
echo " Done"
|
||
fi
|
||
done
|
||
fi
|
||
|
||
# Generate certificates if needed
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder.key ]; then
|
||
echo -n "INFO: No usable SSL certificate detected for Rudder relay HTTP/S support, generating one automatically..."
|
||
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder-relay.key -out /opt/rudder/etc/ssl/rudder-relay.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
chgrp www-data /opt/rudder/etc/ssl/rudder-relay.key && chmod 640 /opt/rudder/etc/ssl/rudder-relay.key
|
||
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder.key -out /opt/rudder/etc/ssl/rudder.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
chgrp www-data /opt/rudder/etc/ssl/rudder.key && chmod 640 /opt/rudder/etc/ssl/rudder.key
|
||
echo " Done"
|
||
fi
|
||
|
||
# Move old virtual hosts out of the way
|
||
for OLD_VHOST in rudder-default rudder-default-ssl rudder-vhost.conf rudder-vhost-ssl.conf rudder-relay-vhost.conf rudder-relay-vhost-ssl.conf; do
|
||
if [ -f /etc/apache2/sites-available/${OLD_VHOST} ]; then
|
||
echo -n "INFO: An old rudder virtual host file has been detected (${OLD_VHOST}), it will be moved to /var/backups."
|
||
mkdir -p /var/backups
|
||
mv /etc/apache2/sites-available/${OLD_VHOST} /var/backups/${OLD_VHOST}-$(date +%s)
|
||
echo " Done"
|
||
fi
|
||
done
|
||
|
||
echo -n "INFO: Restarting Apache HTTPd..."
|
||
service apache2 restart >/dev/null 2>&1
|
||
echo " Done"
|
||
... | ... | |
echo "*****************************************************************************************"
|
||
echo "INFO: rudder-server-relay setup complete. "
|
||
echo "INFO: "
|
||
echo "INFO: Now run '/opt/rudder/bin/rudder-node-to-relay $(cat /opt/rudder/etc/uuid.hive)' "
|
||
echo "INFO: on your root server to complete this node transition to a relay server. "
|
||
echo "INFO: "
|
||
echo "INFO: Please look at the documentation for details (Section 'Relay servers') "
|
||
echo "INFO: * If you are installing a root server, configuration is automatically done "
|
||
echo "INFO: * If you are installing a simple relay, run: "
|
||
echo "INFO: '/opt/rudder/bin/rudder-node-to-relay $(cat /opt/rudder/etc/uuid.hive)' "
|
||
echo "INFO: on your root server to complete this node transition to a relay server. "
|
||
echo "INFO: Please look at the documentation for details (Section 'Relay servers') "
|
||
echo "*****************************************************************************************"
|
||
fi
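Review bot: The private key is written by `openssl req ... -keyout /opt/rudder/etc/ssl/rudder.key ... -nodes` under the script's ambient umask and only afterwards restricted with `chgrp www-data ... && chmod 640 ...`, so its permissions between the two commands depend on the umask and the openssl version. Running the generation in a subshell after `umask 077` closes that window. The command's output and status are discarded (`>/dev/null 2>&1`) and `echo " Done"` runs regardless, so a failed generation is reported as success and Apache is then restarted without a usable key; test the exit status before printing. The RPM `%post` in rudder-server-relay.spec has the same sequence. The context line `htpasswd -bc ${passwdfile} rudder rudder` also shows the WebDAV account being created with a fixed password, which deserves a comment on when and how it is replaced.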
|
||
|
rudder-server-relay/debian/rules | ||
---|---|---|
dh_installchangelogs
|
||
# dh_installdocs
|
||
# dh_installexamples
|
||
cp $(CURDIR)/SOURCES/rudder-relay-vhost.conf $(CURDIR)/BUILD/rudder-relay-vhost
|
||
cp $(CURDIR)/SOURCES/rudder-relay-vhost-ssl.conf $(CURDIR)/BUILD/rudder-relay-vhost-ssl
|
||
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-relay-vhost /etc/apache2/sites-available/
|
||
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-relay-vhost-ssl /etc/apache2/sites-available/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-relay-apache-common.conf /opt/rudder/etc/
|
||
cp $(CURDIR)/SOURCES/rudder-relay-vhost.conf $(CURDIR)/BUILD/rudder
|
||
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder /etc/apache2/sites-available/rudder
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-apache-relay-common.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-networks.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-networks-24.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api relay_api/ /opt/rudder/share/relay-api/
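Review bot: `cp $(CURDIR)/SOURCES/rudder-relay-vhost.conf $(CURDIR)/BUILD/rudder` still copies the relay vhost file, while the spec on this page switches `Source1` to `rudder-vhost.conf`. If the old file is removed by this commit the Debian build fails, and if it is kept the package ships the old vhost under the new name; the copy probably should read `cp $(CURDIR)/SOURCES/rudder-vhost.conf $(CURDIR)/BUILD/rudder.conf`. The destination `/etc/apache2/sites-available/rudder` is treated by `dh_install` as a directory and does not match the `/etc/apache2/sites-available/rudder.conf` path listed in debian/conffiles, so the installed name should be checked against what `SITES_TO_ENABLE="rudder"` in postinst expects.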
|
rudder-webapp/SOURCES/rudder-apache-webapp-common.conf | ||
---|---|---|
# Prevent Chrome loop detection to block the page after too many
|
||
# page reloads.
|
||
<LocationMatch "/rudder">
|
||
Header add X-Chrome-Exponential-Throttling "disable"
|
||
</LocationMatch>
|
||
|
||
# MSIE 7 and newer should be able to use keepalive
|
||
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
|
||
|
||
# Prevent the apache logs from beeing cluttered by 404 errors
|
||
# due to a missing robots.txt file.
|
||
Alias /robots.txt /opt/rudder/share/load-page/robots.txt
|
||
|
||
# Nice loading page if the Java server is not ready
|
||
Alias /images /opt/rudder/share/load-page/images
|
||
Alias /files /opt/rudder/share/load-page/files
|
||
|
||
Alias /rudder-loading.html /opt/rudder/share/load-page/rudder-loading.html
|
||
Alias /rudder-not-loaded.html /opt/rudder/share/load-page/rudder-not-loaded.html
|
||
|
||
ErrorDocument 503 /rudder-loading.html
|
||
ErrorDocument 404 /rudder-not-loaded.html
|
||
ProxyErrorOverride On
|
||
|
||
<IfVersion >= 2.4>
|
||
<Location /rudder/api>
|
||
ProxyErrorOverride Off
|
||
</Location>
|
||
<Location /rudder/secure/api>
|
||
ProxyErrorOverride Off
|
||
</Location>
|
||
<Location /rudder/relay-api>
|
||
ProxyErrorOverride Off
|
||
</Location>
|
||
<Location /inventories>
|
||
ProxyErrorOverride Off
|
||
</Location>
|
||
<Location /inventory-updates>
|
||
ProxyErrorOverride Off
|
||
</Location>
|
||
<Location /uuid>
|
||
ProxyErrorOverride Off
|
||
</Location>
|
||
</IfVersion>
|
||
|
||
# Enforce permissive access to the load page directory
|
||
<Directory /opt/rudder/share/load-page>
|
||
<IfVersion < 2.4>
|
||
Order deny,allow
|
||
Allow From all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all granted
|
||
</IfVersion>
|
||
</Directory>
|
||
|
||
# Deny the use of legacy API if using X-API-Version which is not '1'
|
||
SetEnvIf X-API-Version "[^1]" api_deny
|
||
# NO access to the status and archiving API unless you are localhost
|
||
<LocationMatch "^/rudder/api/(status|archives)$">
|
||
<IfVersion < 2.4>
|
||
Order allow,deny
|
||
Allow from localhost
|
||
Deny from env=api_deny
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
<RequireAll>
|
||
Require local
|
||
Require not env api_deny
|
||
</RequireAll>
|
||
</IfVersion>
|
||
</LocationMatch>
|
||
|
||
# NO access to the reloading API either unless you are localhost
|
||
<LocationMatch "^/rudder/api/(techniqueLibrary|dyngroup|deploy)/reload$">
|
||
<IfVersion < 2.4>
|
||
Order allow,deny
|
||
Allow from localhost
|
||
Deny from env=api_deny
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
<RequireAll>
|
||
Require local
|
||
Require not env api_deny
|
||
</RequireAll>
|
||
</IfVersion>
|
||
</LocationMatch>
|
||
|
||
# Note: The preceding statements are here for compatibility purpose and will
|
||
# be removed in a future version of Rudder, which will enforce authenticated
|
||
# calls to every API part.
|
||
|
||
# Link to Rudder documentation
|
||
Alias /rudder-doc /usr/share/doc/rudder/html
|
||
<Directory /usr/share/doc/rudder/html>
|
||
<IfVersion < 2.4>
|
||
Order deny,allow
|
||
Allow From all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all granted
|
||
</IfVersion>
|
||
</Directory>
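Review bot: The two localhost-only rules match exact paths (`^/rudder/api/(status|archives)$` and `^/rudder/api/(techniqueLibrary|dyngroup|deploy)/reload$`), so the restriction holds only if the proxied application treats no other URL form as the same endpoint; anything beneath `archives`, for example, falls outside the pattern. If the whole subtree is meant, anchor on a path boundary instead, e.g. `^/rudder/api/(status|archives)(/|$)`, and say so in the comment. `SetEnvIf X-API-Version "[^1]" api_deny` tests for the presence of any character other than `1` rather than for a value different from `1`, so a value made only of `1` characters is not flagged. A comment stating exactly which header values are meant to be rejected would let the pattern be checked against that intent.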
|
rudder-webapp/SOURCES/rudder-apache-webapp-nossl.conf | ||
---|---|---|
# Rudder webapp
|
||
RewriteEngine on
|
||
|
||
# Rule 1 - If hitting the server root, redirect to Rudder
|
||
RewriteRule ^/$ /rudder [R]
|
||
|
||
# Rule 2 - If we are not currently connected via HTTP/S
|
||
RewriteCond %{HTTPS} !=on
|
||
|
||
# Rule 2 - Don't use HTTP/S for these URLs to avoid breaking the compatibility for cURL
|
||
# clients (especially in Techniques)
|
||
RewriteCond %{REQUEST_URI} !^/rudder-(not-loaded|loading).html
|
||
RewriteCond %{REQUEST_URI} !^/uuid
|
||
RewriteCond %{REQUEST_URI} !^/inventories/?
|
||
RewriteCond %{REQUEST_URI} !^/inventory-updates/?
|
||
RewriteCond %{REQUEST_URI} !^/api/?
|
||
|
||
# Rule 2 - Restrict redirection to Rudder webapp
|
||
RewriteCond %{REQUEST_URI} ^/rudder/?
|
||
|
||
# Rule 2 - Redirect to HTTP/S
|
||
RewriteRule ^/(.*)$ https://%{SERVER_NAME}/$1 [R]
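Review bot: Only URIs matching `^/rudder/?` are redirected, so `/inventories` and `/inventory-updates` stay reachable on port 80, where the relay common file protects them with `AuthType Basic`; the WebDAV password is then sent unencrypted. The comment gives the compatibility reason, but it should also state that on HTTP the only remaining control is the network restriction included from `rudder-networks*.conf`. Because of the final `^/rudder/?` condition, the preceding `!^/uuid`, `!^/inventories/?`, `!^/inventory-updates/?` and `!^/api/?` conditions can never change the outcome and could be dropped or explained. The pattern also matches names such as `/rudder-doc`, which is why the `rudder-(not-loaded|loading).html` exclusion is needed; `^/rudder(/|$)` would express the intent directly.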
|
rudder-webapp/SOURCES/rudder-apache-webapp-ssl.conf | ||
---|---|---|
# Rudder webapp
|
||
RewriteEngine on
|
||
RewriteRule ^/$ /rudder [R]
|
||
|
||
ProxyPass "/rudder" "http://localhost:8080/rudder" retry=0
|
||
ProxyPassReverse "/rudder" "http://localhost:8080/rudder"
|
||
ProxyRequests Off
|
||
|
||
# Local reverse proxy authorization override
|
||
# Most unix distribution deny proxy by default (ie /etc/apache2/mods-enabled/proxy.conf in Ubuntu)
|
||
<Proxy http://localhost:8080/rudder*>
|
||
<IfVersion < 2.4>
|
||
Order deny,allow
|
||
Allow From all
|
||
</IfVersion>
|
||
<IfVersion >= 2.4>
|
||
Require all granted
|
||
</IfVersion>
|
||
</Proxy>
|
rudder-webapp/SOURCES/rudder-networks-24.conf | ||
---|---|---|
Require all denied
|
rudder-webapp/SOURCES/rudder-networks.conf | ||
---|---|---|
Deny from all
|
rudder-webapp/SOURCES/rudder-webapp-apache | ||
---|---|---|
# Apache modules
|
||
APACHE_MODULES="${APACHE_MODULES} rewrite dav dav_fs proxy proxy_http headers ssl version"
|
||
|
||
# Apache configuration flags
|
||
APACHE_SERVER_FLAGS="${APACHE_SERVER_FLAGS} SSL"
|
rudder-webapp/SPECS/rudder-webapp.spec | ||
---|---|---|
#
|
||
#####################################################################################
|
||
|
||
#=================================================
|
||
# Specification file for rudder-webapp
|
||
#
|
||
# Installs Rudder's WAR files
|
||
#
|
||
# Copyright (C) 2011 Normation
|
||
#=================================================
|
||
|
||
#=================================================
|
||
# Variables
|
||
#=================================================
|
||
... | ... | |
|
||
Source1: rudder-users.xml
|
||
Source2: rudder.xml
|
||
Source3: rudder-networks.conf
|
||
Source4: rudder-networks-24.conf
|
||
Source5: rudder-upgrade
|
||
Source7: rudder-webapp
|
||
Source8: rudder-web
|
||
... | ... | |
Source21: rudder-webapp.fc
|
||
Source22: rudder-keys
|
||
Source23: .gitignore
|
||
Source24: rudder-webapp-apache
|
||
|
||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||
BuildArch: noarch
|
||
|
||
# Dependencies
|
||
Requires: rudder-techniques = %{real_epoch}:%{real_version}, ncf, ncf-api-virtualenv, %{apache}, %{apache_tools}, git-core, rsync, openssl, %{ldap_clients}
|
||
Requires: rudder-techniques = %{real_epoch}:%{real_version}, rudder-server-relay = %{real_epoch}:%{real_version}, ncf, ncf-api-virtualenv, %{apache}, %{apache_tools}, git-core, rsync, openssl, %{ldap_clients}
|
||
|
||
# We need the PostgreSQL client utilities so that we can run database checks and upgrades (rudder-upgrade, in particular)
|
||
Requires: postgresql >= 8.4
|
||
... | ... | |
rm -rf %{buildroot}
|
||
|
||
mkdir -p %{buildroot}%{rudderdir}/etc/
|
||
mkdir -p %{buildroot}%{rudderdir}/etc/ssl/
|
||
mkdir -p %{buildroot}%{rudderdir}/etc/plugins/
|
||
mkdir -p %{buildroot}%{rudderdir}/etc/server-roles.d/
|
||
mkdir -p %{buildroot}%{rudderdir}/etc/hooks.d/
|
||
... | ... | |
mkdir -p %{buildroot}%{rudderdir}/share/upgrade-tools/
|
||
mkdir -p %{buildroot}%{rudderdir}/share/certificates/
|
||
mkdir -p %{buildroot}%{rudderdir}/share/selinux/
|
||
mkdir -p %{buildroot}%{ruddervardir}/inventories/incoming
|
||
mkdir -p %{buildroot}%{ruddervardir}/inventories/accepted-nodes-updates
|
||
mkdir -p %{buildroot}%{ruddervardir}/inventories/received
|
||
mkdir -p %{buildroot}%{ruddervardir}/inventories/failed
|
||
mkdir -p %{buildroot}%{ruddervardir}/configuration-repository/ncf/ncf-hooks.d
|
||
... | ... | |
cp -rf %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/load-page %{buildroot}%{rudderdir}/share/
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-core/src/test/resources/script/cfe-red-button.sh %{buildroot}%{rudderdir}/bin/
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-core/src/main/resources/reportsInfo.xml %{buildroot}%{rudderdir}/etc/
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/rudder-apache-common.conf %{buildroot}%{rudderdir}/etc/rudder-apache-common.conf
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/rudder-vhost.conf %{buildroot}/etc/%{apache_vhost_dir}/rudder-vhost.conf
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/rudder-vhost-ssl.conf %{buildroot}/etc/%{apache_vhost_dir}/rudder-vhost-ssl.conf
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/apache2-sysconfig %{buildroot}/etc/sysconfig/rudder-apache
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/rudder-apache-webapp-common.conf %{buildroot}%{rudderdir}/etc/rudder-apache-webapp-common.conf
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/rudder-apache-webapp-ssl.conf %{buildroot}%{rudderdir}/etc/rudder-apache-webapp-ssl.conf
|
||
cp %{_sourcedir}/rudder-sources/rudder/rudder-web/src/main/resources/rudder-apache-webapp-nossl.conf %{buildroot}%{rudderdir}/etc/rudder-apache-webapp-no-ssl.conf
|
||
cp %{SOURCE24} %{buildroot}/etc/sysconfig/rudder-webapp-apache
|
||
|
||
cp -r %{_sourcedir}/rudder-sources/rudder/rudder-core/src/main/resources/hooks.d %{buildroot}%{rudderdir}/etc/
|
||
|
||
install -m 644 %{SOURCE2} %{buildroot}%{rudderdir}/share/webapps/
|
||
|
||
# Copy stub rudder-networks*.conf
|
||
cp %{SOURCE3} %{buildroot}%{rudderdir}/etc/
|
||
cp %{SOURCE4} %{buildroot}%{rudderdir}/etc/
|
||
|
||
%if 0%{?suse_version}
|
||
# On SLES, change the Apache DocumentRoot to the OS default
|
||
sed -i "s%^DocumentRoot /var/www$%DocumentRoot /srv/www%" %{buildroot}%{rudderdir}/etc/rudder-apache-common.conf
|
||
%endif
|
||
|
||
# Install upgrade tools and migration scripts
|
||
|
||
## SQL
|
||
... | ... | |
|
||
# Add required includes in the SLES apache2 configuration
|
||
%if 0%{?suse_version}
|
||
if ! grep -qE "^. /etc/sysconfig/rudder-apache$" /etc/sysconfig/apache2
|
||
if ! grep -qE "^. /etc/sysconfig/rudder-webapp-apache$" /etc/sysconfig/apache2
|
||
then
|
||
echo -e '# This sources the modules/defines needed by Rudder\n. /etc/sysconfig/rudder-apache' >> /etc/sysconfig/apache2
|
||
echo -e '# This sources the modules/defines needed by Rudder\n. /etc/sysconfig/rudder-webapp-apache' >> /etc/sysconfig/apache2
|
||
fi
|
||
%endif
|
||
|
||
# Update /etc/sysconfig/apache2 in case an old module loading entry has already been created by Rudder
|
||
if [ -f /etc/sysconfig/apache2 ] && grep -q 'APACHE_MODULES="${APACHE_MODULES} rewrite dav dav_fs proxy proxy_http' /etc/sysconfig/apache2
|
||
then
|
||
echo "INFO: Upgrading the /etc/sysconfig/apache2 file, Rudder needed modules for Apache are now listed in /etc/sysconfig/rudder-apache"
|
||
sed -i 's%APACHE_MODULES="${APACHE_MODULES} rewrite dav dav_fs proxy proxy_http.*%# This sources the Rudder needed by Rudder\n. /etc/sysconfig/rudder-apache%' /etc/sysconfig/apache2
|
||
echo "INFO: Upgrading the /etc/sysconfig/apache2 file, Rudder needed modules for Apache are now listed in /etc/sysconfig/rudder-relay-apache"
|
||
sed -i 's%APACHE_MODULES="${APACHE_MODULES} rewrite dav dav_fs proxy proxy_http.*%# This sources the Rudder needed by Rudder\n. /etc/sysconfig/rudder-relay-apache%' /etc/sysconfig/apache2
|
||
fi
|
||
|
||
# Add right to apache user to access /var/rudder/inventories/incoming
|
||
# Add perms on tools and inventories
|
||
chmod 751 /var/rudder/inventories
|
||
chown root:%{apache_group} %{ruddervardir}/inventories/incoming
|
||
chmod 2770 %{ruddervardir}/inventories/incoming
|
||
chown root:%{apache_group} %{ruddervardir}/inventories/accepted-nodes-updates
|
||
chmod 2770 %{ruddervardir}/inventories/accepted-nodes-updates
|
||
chmod 755 -R %{rudderdir}/share/tools
|
||
chmod 655 -R %{rudderdir}/share/load-page
|
||
|
||
%{htpasswd_cmd} -bc %{rudderdir}/etc/htpasswd-webdav-initial rudder rudder >/dev/null 2>&1
|
||
%{htpasswd_cmd} -bc %{rudderdir}/etc/htpasswd-webdav rudder rudder >/dev/null 2>&1
|
||
|
||
# If the current Rudder HTTPd configuration uses /var/log/rudder/httpd, change it
|
||
for i in /etc/%{apache_vhost_dir}/rudder-*.conf
|
||
do
|
||
if grep -q /var/log/rudder/httpd "${i}"; then
|
||
echo -n "INFO: Old logging configuration detected in ${i}, changing to log into %{rudderlogdir}/apache2..."
|
||
sed -i "s%/var/log/rudder/httpd/\(.*\).log%/var/log/rudder/apache2/\1.log%" "${i}"
|
||
echo " Done"
|
||
fi
|
||
done
|
||
|
||
# If this machine has old logging entries on RHEL, migrate them.
|
||
if [ -d %{rudderlogdir}/httpd ]; then
|
||
echo -n "INFO: Old logging directory detected (%{rudderlogdir}/httpd), migrating to %{rudderlogdir}/apache2..."
|
||
mkdir -p %{rudderlogdir}/apache2
|
||
mv %{rudderlogdir}/httpd/* %{rudderlogdir}/apache2/
|
||
rmdir %{rudderlogdir}/httpd
|
||
echo " Done"
|
||
fi
|
||
|
||
# Move old virtual hosts out of the way
|
||
for OLD_VHOST in rudder-default rudder-default-ssl rudder-default.conf rudder-default-ssl.conf; do
|
||
if [ -f /etc/%{apache_vhost_dir}/${OLD_VHOST} ]; then
|
||
echo -n "INFO: An old rudder virtual host file has been detected (${OLD_VHOST}), it will be moved to /var/backups."
|
||
mkdir -p /var/backups
|
||
mv /etc/%{apache_vhost_dir}/${OLD_VHOST} /var/backups/${OLD_VHOST}-$(date +%s)
|
||
echo " Done"
|
||
fi
|
||
done
|
||
|
||
# Generate the SSL certificates if needed
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder-webapp.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder-webapp.key ]; then
|
||
echo -n "INFO: No usable SSL certificate detected for Rudder HTTP/S support, generating one automatically..."
|
||
openssl req -new -x509 -newkey rsa:2048 -subj "/C=FR/ST=France/L=Paris/CN=$(hostname --fqdn)/emailAddress=root@$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder-webapp.key -out /opt/rudder/etc/ssl/rudder-webapp.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
chgrp %{apache_group} /opt/rudder/etc/ssl/rudder-webapp.key && chmod 640 /opt/rudder/etc/ssl/rudder-webapp.key
|
||
echo " Done"
|
||
fi
|
||
|
||
%if 0%{?rhel} || 0%{?fedora}
|
||
# SELinux support
|
||
# Check "sestatus" presence, and if here tweak our installation to be
|
||
... | ... | |
# Remove required includes in the SLES apache2 configuration
|
||
if [ -f /etc/sysconfig/apache2 ]; then
|
||
sed -i "/# This sources the modules\/defines needed by Rudder/d" /etc/sysconfig/apache2
|
||
sed -i "/. \/etc\/sysconfig\/rudder-apache/d" /etc/sysconfig/apache2
|
||
sed -i "/. \/etc\/sysconfig\/rudder-webapp-apache/d" /etc/sysconfig/apache2
|
||
|
||
# Also remove an older comment that was erroneously added until 2.11.21 / 3.0.16 / 3.1.10 / 3.2.3
|
||
sed -i "/# This sources the configuration file needed by Rudder/d" /etc/sysconfig/apache2
|
||
... | ... | |
%{ruddervardir}/configuration-repository/ncf/ncf-hooks.d
|
||
%{rudderlogdir}/apache2/
|
||
/etc/%{apache_vhost_dir}/
|
||
%config %{rudderdir}/etc/rudder-apache-common.conf
|
||
%config(noreplace) /etc/%{apache_vhost_dir}/rudder-vhost.conf
|
||
%config(noreplace) /etc/%{apache_vhost_dir}/rudder-vhost-ssl.conf
|
||
%config(noreplace) %{rudderdir}/etc/rudder-networks.conf
|
||
%config(noreplace) %{rudderdir}/etc/rudder-networks-24.conf
|
||
%config(noreplace) /etc/sysconfig/rudder-apache
|
||
%config %{rudderdir}/etc/rudder-apache-webapp.conf
|
||
%config(noreplace) /etc/sysconfig/rudder-webapp-apache
|
||
/usr/share/doc/rudder
|
||
|
||
#=================================================
|
rudder-webapp/debian/conffiles | ||
---|---|---|
/opt/rudder/etc/rudder-web.properties
|
||
/opt/rudder/etc/rudder-users.xml
|
||
/opt/rudder/etc/logback.xml
|
||
/opt/rudder/etc/rudder-apache-common.conf
|
||
/etc/apache2/sites-available/rudder-vhost
|
||
/etc/apache2/sites-available/rudder-vhost-ssl
|
||
/opt/rudder/etc/rudder-apache-webapp-common.conf
|
||
/opt/rudder/etc/rudder-networks.conf
|
||
/opt/rudder/etc/rudder-networks-24.conf
|
||
/opt/rudder/etc/rudder-passwords.conf
|
rudder-webapp/debian/control | ||
---|---|---|
|
||
Package: rudder-webapp
|
||
Architecture: all
|
||
Depends: ${shlibs:Depends}, ${misc:Depends}, rudder-jetty | jetty | jetty8, rudder-techniques (>= ${binary:Version}), apache2, apache2-utils, ncf, git-core, rsync, lsb-release, openssl, ldap-utils, postgresql-client (>=8.4), ncf-api-virtualenv
|
||
# Begin takeover config: in version 2.11, rudder-webapp took over several files from rudder-server-root
|
||
# See http://www.rudder-project.org/redmine/issues/4654
|
||
Replaces: rudder-server-root (<< 2.11)
|
||
Breaks: rudder-server-root (<< 2.11)
|
||
# End takeover config
|
||
Depends: ${shlibs:Depends}, ${misc:Depends}, rudder-jetty | jetty | jetty8, rudder-techniques (= ${binary:Version}), rudder-server-relay (= ${binary:Version}), apache2, apache2-utils, ncf, git-core, rsync, lsb-release, openssl, ldap-utils, postgresql-client (>=8.4), ncf-api-virtualenv
|
||
Description: Configuration management and audit tool - webapp
|
||
Rudder is an open source configuration management and audit solution.
|
||
.
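Review bot: Moving files out of rudder-webapp into rudder-server-relay needs the same takeover declaration that this file already documents for the 2.11 move from rudder-server-root. The new `Depends:` line pins `rudder-server-relay (= ${binary:Version})`. If the relay package now ships paths the old rudder-webapp still owns (for example /opt/rudder/etc/rudder-networks.conf), dpkg can fail with a file conflict while unpacking the relay during an upgrade. That is avoided when rudder-server-relay declares `Replaces: rudder-webapp (<< VERSION)` and `Breaks: rudder-webapp (<< VERSION)`, where VERSION is a placeholder for the first release containing this change. The relay's control file is not among the lines shown here, so this should be confirmed there.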
|
rudder-webapp/debian/dirs | ||
---|---|---|
opt/rudder/share/certificates
|
||
opt/rudder/share/selinux
|
||
opt/rudder/etc
|
||
opt/rudder/etc/ssl
|
||
opt/rudder/etc/plugins
|
||
opt/rudder/etc/hooks.d
|
||
opt/rudder/share/tools
|
||
... | ... | |
var/rudder/lock
|
||
var/rudder/tools
|
||
var/rudder/run
|
||
var/rudder/inventories/accepted-nodes-updates
|
||
var/rudder/inventories/incoming
|
||
var/rudder/inventories/received
|
||
var/rudder/inventories/failed
|
||
var/rudder/inventories/historical
|
rudder-webapp/debian/postinst | ||
---|---|---|
invoke-rc.d rsyslog restart >/dev/null 2>&1
|
||
echo "Done"
|
||
|
||
# Get the current apache version
|
||
APACHE_VERSION=$(apache2 -v|grep Apache|sed "s%^.*Apache/\([0-9].[0-9]\).*%\1%")
|
||
|
||
SITES_TO_DISABLE="default 000-default default-ssl rudder-default rudder-default-ssl"
|
||
SITES_TO_ENABLE="rudder-vhost rudder-vhost-ssl"
|
||
|
||
MODULES_TO_ENABLE="dav_fs rewrite proxy_http headers ssl"
|
||
MODULES_TO_ENABLE="rewrite proxy_http headers ssl"
|
||
|
||
# This module is compiled in core in some distro (debian)
|
||
a2enmod version >/dev/null 2>&1 || true
|
||
|
||
# Migration: Clean up old vhosts if we are running Apache 2.4
|
||
if [ ${APACHE_VERSION} = 2.4 ]
|
||
then
|
||
for i in ${SITES_TO_ENABLE}
|
||
do
|
||
[ ! -e /etc/apache2/sites-enabled/${i} ] || rm -f /etc/apache2/sites-enabled/${i}
|
||
done
|
||
fi
|
||
|
||
for dissite in ${SITES_TO_DISABLE}
|
||
do
|
||
a2dissite ${dissite} >/dev/null 2>&1 || true
|
||
done
|
||
|
||
for ensite in ${SITES_TO_ENABLE}
|
||
do
|
||
a2ensite ${ensite} >/dev/null 2>&1
|
||
done
|
||
|
||
for enmod in ${MODULES_TO_ENABLE}
|
||
do
|
||
a2enmod ${enmod} >/dev/null 2>&1
|
||
done
|
||
|
||
# Add right to apache user to access /var/rudder/inventories/incoming
|
||
# Add perms on tools and inventories
|
||
chmod 751 /var/rudder/inventories
|
||
chown root:www-data /var/rudder/inventories/incoming
|
||
chmod 2770 /var/rudder/inventories/incoming
|
||
chown root:www-data /var/rudder/inventories/accepted-nodes-updates
|
||
chmod 2770 /var/rudder/inventories/accepted-nodes-updates
|
||
chmod 755 -R /opt/rudder/share/tools
|
||
|
||
htpasswd -bc /opt/rudder/etc/htpasswd-webdav-initial rudder rudder >/dev/null 2>&1
|
||
htpasswd -bc /opt/rudder/etc/htpasswd-webdav rudder rudder >/dev/null 2>&1
|
||
|
||
# Move old virtual hosts out of the way
|
||
for OLD_VHOST in rudder-default rudder-default-ssl; do
|
||
if [ -f /etc/apache2/sites-available/${OLD_VHOST} ]; then
|
||
echo -n "INFO: An old rudder virtual host file has been detected (${OLD_VHOST}), it will be moved to /var/backups."
|
||
mkdir -p /var/backups
|
||
mv /etc/apache2/sites-available/${OLD_VHOST} /var/backups/${OLD_VHOST}-$(date +%s)
|
||
echo " Done"
|
||
fi
|
||
done
|
||
|
||
# Generate the SSL certificates if needed
|
||
if [ ! -f /opt/rudder/etc/ssl/rudder-webapp.crt ] || [ ! -f /opt/rudder/etc/ssl/rudder-webapp.key ]; then
|
||
echo -n "INFO: No usable SSL certificate detected for Rudder HTTP/S support, generating one automatically..."
|
||
openssl req -new -x509 -newkey rsa:2048 -subj "/C=FR/ST=France/L=Paris/CN=$(hostname --fqdn)/emailAddress=root@$(hostname --fqdn)/" -keyout /opt/rudder/etc/ssl/rudder-webapp.key -out /opt/rudder/etc/ssl/rudder-webapp.crt -days 1460 -nodes -sha256 >/dev/null 2>&1
|
||
chgrp www-data /opt/rudder/etc/ssl/rudder-webapp.key && chmod 640 /opt/rudder/etc/ssl/rudder-webapp.key
|
||
echo " Done"
|
||
fi
|
||
|
||
echo -n "INFO: Restarting Apache HTTPd..."
|
||
/etc/init.d/apache2 restart >/dev/null 2>&1
|
||
echo " Done"
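Review bot: The generated TLS private key is left readable by the web server's runtime group, because the `openssl req ... -keyout /opt/rudder/etc/ssl/rudder-webapp.key` call is followed by `chgrp www-data ... && chmod 640 ...`. Apache normally loads the key as root at startup, before dropping privileges. Unless another process running as www-data needs the file, `chown root:root` with `chmod 600 /opt/rudder/etc/ssl/rudder-webapp.key` is enough and keeps a compromised worker process from reading the key. The openssl call also sends all output to /dev/null and " Done" is printed whatever its exit status, so a failed generation only surfaces when the Apache restart below fails; testing the exit status before the echo would make it visible. The RPM scriptlet earlier on the page repeats the pattern with `%{apache_group}`. The +/- markers are lost in this rendering, so this assumes the block is still on the new side; the script begins before the lines shown.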
|
rudder-webapp/debian/rules | ||
---|---|---|
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-core/src/test/resources/script/ cfe-red-button.sh /opt/rudder/bin/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-core/src/main/resources/ reportsInfo.xml /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-web/src/main/resources/ load-page/ /opt/rudder/share/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-web/src/main/resources/ rudder-apache-common.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-web/src/main/resources/ rudder-apache-webapp-common.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-web/src/main/resources/ rudder-apache-webapp-ssl.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-web/src/main/resources/ rudder-apache-webapp-nossl.conf /opt/rudder/etc/
|
||
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/rudder-sources/rudder/rudder-core/src/main/resources/ hooks.d/ /opt/rudder/etc/
|
||
cp $(CURDIR)/SOURCES/rudder-sources/rudder/rudder-web/src/main/resources/rudder-vhost.conf $(CURDIR)/BUILD/rudder-vhost
|
||
cp $(CURDIR)/SOURCES/rudder-sources/rudder/rudder-web/src/main/resources/rudder-vhost-ssl.conf $(CURDIR)/BUILD/rudder-vhost-ssl
|
||
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-vhost /etc/apache2/sites-available/
|
||
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-vhost-ssl /etc/apache2/sites-available/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder.xml /opt/rudder/share/webapps/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-networks.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-networks-24.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-passwords.conf /opt/rudder/etc/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-webapp /opt/rudder/etc/server-roles.d/
|
||
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/ rudder-web /opt/rudder/etc/server-roles.d/
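Review bot: `rudder-apache-webapp-ssl.conf` and `rudder-apache-webapp-nossl.conf` are installed into /opt/rudder/etc/ here, but debian/conffiles on this page lists only `/opt/rudder/etc/rudder-apache-webapp-common.conf`. Files outside /etc are not registered as conffiles automatically, so local edits to the two unlisted files would be replaced on upgrade without a prompt. If they are meant to be administrator-editable, add both paths to debian/conffiles; if they are package-owned, a header comment in each file such as `# Managed by the rudder-webapp package, local changes are overwritten on upgrade` would make that explicit. The +/- markers are lost in this rendering, so this assumes all three webapp install lines are on the new side.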
|
Fixes #9889: Remove common conf between relay and webapp from webapp package