summaryrefslogtreecommitdiffstats
path: root/setup
diff options
context:
space:
mode:
Diffstat (limited to 'setup')
-rw-r--r--setup/configs/openshift.yml21
-rw-r--r--setup/configs/security.yml9
-rw-r--r--setup/configs/volumes.yml25
-rw-r--r--setup/projects/adei/templates/60-adei.yml.j21
-rw-r--r--setup/projects/adei/vars/volumes.yml36
-rw-r--r--setup/projects/kaas/files/data/www/index.html (renamed from setup/projects/katrin/files/www/kaas/index.html)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-autoindex.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-dav.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-default.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-info.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-languages.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-manual.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-mpm.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-multilang-errordoc.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-ssl.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-userdir.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/extra/httpd-vhosts.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/httpd.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/httpd.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/kaas/router.conf (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/kaas/router.conf)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/magic (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/magic)0
-rw-r--r--setup/projects/kaas/files/etc/apache2/mime.types (renamed from setup/projects/katrin/files/etc/apache2-kaas-docker/mime.types)0
-rw-r--r--setup/projects/kaas/keys/kaas.crt (renamed from setup/projects/katrin/keys/kaas.crt)0
-rw-r--r--setup/projects/kaas/keys/kaas.key (renamed from setup/projects/katrin/keys/kaas.key)0
-rw-r--r--setup/projects/kaas/templates/10-kaas-builder.yml.j242
-rw-r--r--setup/projects/kaas/templates/40-kaas-manager.yml.j291
-rw-r--r--setup/projects/kaas/vars/globals.yml (renamed from setup/projects/katrin/vars/globals.yml)1
-rw-r--r--setup/projects/kaas/vars/pods.yml15
-rw-r--r--setup/projects/kaas/vars/volumes.yml10
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf217
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf36
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README9
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf94
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf6
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf0
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf18
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf67
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf19
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf4
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf3
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf1
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf20
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf16
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf1
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf2
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf14
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf353
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic385
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf93
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf52
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf75
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf37
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf141
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf31
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf110
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf52
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf269
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf28
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf45
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf494
-rw-r--r--setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl43
l---------setup/projects/katrin/templates/40-kaas-manager.yml.j21
-rw-r--r--setup/projects/katrin/templates/katrin.yml.j2.bk135
-rw-r--r--setup/projects/katrin/vars/katrin.yml7
-rw-r--r--setup/projects/katrin/vars/pods.yml42
-rw-r--r--setup/projects/katrin/vars/volumes.yml11
65 files changed, 227 insertions, 2955 deletions
diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml
index 17351ac..e6e4c75 100644
--- a/setup/configs/openshift.yml
+++ b/setup/configs/openshift.yml
@@ -1,15 +1,26 @@
---
ands_openshift_projects:
- adei: ADEI
-
-# katrin: KArlsruhe TRItium Neutrino
-# test: Tesing
+ kaas: KaaS router and common resources
+ katrin: KArlsruhe TRItium Neutrino
+ adei: ADEI
+ bora: Build Once Run Always
+ web: Web Sites
+ mon: OpenShift monitoring
+ test: Namespace for testing and prototyping
ands_openshift_users:
pdv: IPE Administation Account
katrin: KATRIN Project
csa: Suren A. Chilingaryan <csa@suren.me>
+ kopmann: Andreas Kopmann <kopmann@kit.edu>
+ ntj: Nicholas Tan Jerome <nicholas.jerome@kit.edu>
ands_openshift_roles:
- cluster-admin: csa, pdv
+ cluster-admin: csa
+ kaas/admin: csa, kopmann
katrin/admin: katrin
+ adei/admin: csa
+ bora/admin: ntj
+ web/admin: kopmann
+ mon/admin: csa
+ test/admin: csa, ntj, kopmann, katrin
diff --git a/setup/configs/security.yml b/setup/configs/security.yml
index 413f57e..b870c55 100644
--- a/setup/configs/security.yml
+++ b/setup/configs/security.yml
@@ -1,6 +1,6 @@
ands_openshift_gid_mode:
-# adei: "RunAsAny"
ands_default: "MustRunAs"
+# sample: "RunAsAny"
#ands_openshift_uid_mode:
# ands_default: "MustRunAsRange"
@@ -8,8 +8,13 @@ ands_openshift_gid_mode:
#ands_openshift_uid_ranges:
ands_openshift_gid_ranges:
+ kaas: "4000/10"
katrin: "5000/10"
- adei: "5010/10"
+ test: "7100/10"
+ adei: "6000/10"
+ bora: "6100/10"
+ web: "6200/10"
+ mon: "7000/10"
ands_openshift_uids:
kaas: { id: 6000 }
diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml
index d93f177..f400eed 100644
--- a/setup/configs/volumes.yml
+++ b/setup/configs/volumes.yml
@@ -4,6 +4,7 @@ ands_paths:
openshift: /mnt/openshift
temporary: /mnt/temporary
databases: /mnt/databases
+ datastore: /mnt/datastore
katrin_data: /mnt/katrin
ands_heketi_domain:
@@ -15,10 +16,11 @@ ands_storage_domains:
- servers: "ands_storage_servers"
clients: "masters"
volumes:
- provision: { type: "cfg", mount: "{{ ands_paths.provision }}" }
- openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" }
- databases: { type: "db", mount: "{{ ands_paths.databases }}" }
- temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" }
+ provision: { type: "cfg", mount: "{{ ands_paths.provision }}" }
+ openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" }
+ databases: { type: "db", mount: "{{ ands_paths.databases }}" }
+ temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" }
+ datastore: { type: "data", mount: "{{ ands_paths.datastore }}" }
katrin_data: { type: "data", mount: "{{ ands_paths.katrin_data }}" }
# - servers: "storage_nodes"
# clients: "nodes"
@@ -30,13 +32,14 @@ ands_storage_domains:
# Per project list (to distribute in multiple namespaces later)
+# If not started with '/' will be prepended with project name
ands_openshift_volumes:
- etc: { volume: "openshift", path: "/etc" }
- src: { volume: "openshift", path: "/src" }
- www: { volume: "openshift", path: "/www" }
- log: { volume: "temporary", path: "/log", write: true}
- tmp: { volume: "temporary", path: "/tmp", write: true}
+ etc: { volume: "openshift", path: "" }
+ etcw: { volume: "openshift", path: "", write: true }
+ data: { volume: "datastore", path: "", write: true }
+ db: { volume: "databases", path: "", write: true }
+ tmp: { volume: "temporary", path: "", write: true }
# Global list, we only take things from the volume of project
-ands_openshift_files:
- - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" }
+#ands_openshift_files:
+# - { osv: "log", path: "apache2-kaas", state: "directory", mode: "0777" }
diff --git a/setup/projects/adei/templates/60-adei.yml.j2 b/setup/projects/adei/templates/60-adei.yml.j2
index 1bff206..537368f 100644
--- a/setup/projects/adei/templates/60-adei.yml.j2
+++ b/setup/projects/adei/templates/60-adei.yml.j2
@@ -8,6 +8,7 @@ metadata:
openshift.io/provider-display-name: "KIT"
openshift.io/documentation-url: "http://adei.info"
openshift.io/support-url: "http://adei.info"
+ kaas/strategy: "manual"
labels:
app: "adei"
objects:
diff --git a/setup/projects/adei/vars/volumes.yml b/setup/projects/adei/vars/volumes.yml
index 69d291c..cdeb4e7 100644
--- a/setup/projects/adei/vars/volumes.yml
+++ b/setup/projects/adei/vars/volumes.yml
@@ -1,20 +1,22 @@
-volumes:
- adei_init: { volume: "openshift", path: "/adei/init" } # mysql
- adei_etc: { volume: "openshift", path: "/adei/etc" } # mysql
- adei_src: { volume: "openshift", path: "/adei/src", write: true } # prod & debug (init creates setup links)
- adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true } # per-setup configs (ADEI/wiki modifies setup)
- adei_sys: { volume: "openshift", path: "/adei/sys" } # per-setup cron-jon overrides
- adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files
- adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files
- adei_db: { volume: "databases", path: "/adei", write: true}
-
gids:
- adei: { id: 5010 }
- adei_db: { id: 5011 }
+ adei: { id: 6000 }
+ adei_db: { id: 6001 }
+
+volumes:
+ adei_init: { volume: "openshift", path: "/adei/init"} # mysql
+ adei_etc: { volume: "openshift", path: "/adei/etc"} # mysql (maybe)
+ adei_src: { volume: "openshift", path: "/adei/src", write: true } # prod & debug (init creates setup links)
+ adei_cfg: { volume: "openshift", path: "/adei/cfg", write: true } # per-setup configs (ADEI/wiki modifies setup)
+ adei_sys: { volume: "openshift", path: "/adei/sys" } # per-setup cron-jon overrides
+ adei_tmp: { volume: "temporary", path: "/adei/tmp", write: true } # per-setup temporary files
+ adei_log: { volume: "temporary", path: "/adei/log", write: true } # per-replica (should be fine) temporary files
+ adei_db: { volume: "databases", path: "/adei", write: true } # mysql
files:
- - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" }
- - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" }
+ - { osv: "adei_cfg", path: "/", state: "directory", group: "adei", mode: "0775" }
+ - { osv: "adei_cfg", path: "/prod", state: "directory", group: "adei", mode: "0775" }
+ - { osv: "adei_cfg", path: "/dbg", state: "directory", group: "adei", mode: "0775" }
+ - { osv: "adei_src", path: "/", state: "directory", group: "adei", mode: "0775" }
+ - { osv: "adei_log", path: "/", state: "directory", group: "adei", mode: "0775" }
+ - { osv: "adei_tmp", path: "/", state: "directory", group: "adei", mode: "0775" }
+ - { osv: "adei_db", path: "mysql", state: "directory", group: "adei_db", mode: "0775" }
diff --git a/setup/projects/katrin/files/www/kaas/index.html b/setup/projects/kaas/files/data/www/index.html
index 906ee19..906ee19 100644
--- a/setup/projects/katrin/files/www/kaas/index.html
+++ b/setup/projects/kaas/files/data/www/index.html
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-autoindex.conf
index c581e97..c581e97 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-autoindex.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-autoindex.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-dav.conf
index 29dfb72..29dfb72 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-dav.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-dav.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-default.conf
index efeca05..efeca05 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-default.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-default.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-info.conf
index db316c0..db316c0 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-info.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-info.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-languages.conf
index 7f66461..7f66461 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-languages.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-languages.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-manual.conf
index fc12fb9..fc12fb9 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-manual.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-manual.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-mpm.conf
index 8c44c60..8c44c60 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-mpm.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-mpm.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-multilang-errordoc.conf
index 8ff9a45..8ff9a45 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-multilang-errordoc.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-multilang-errordoc.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-ssl.conf
index f8c023e..f8c023e 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-ssl.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-ssl.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-userdir.conf
index 567bd6d..567bd6d 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-userdir.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-userdir.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf b/setup/projects/kaas/files/etc/apache2/extra/httpd-vhosts.conf
index 01a73f3..01a73f3 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/extra/httpd-vhosts.conf
+++ b/setup/projects/kaas/files/etc/apache2/extra/httpd-vhosts.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/httpd.conf b/setup/projects/kaas/files/etc/apache2/httpd.conf
index 4b05e71..4b05e71 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/httpd.conf
+++ b/setup/projects/kaas/files/etc/apache2/httpd.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/kaas/router.conf b/setup/projects/kaas/files/etc/apache2/kaas/router.conf
index 4afa6dd..4afa6dd 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/kaas/router.conf
+++ b/setup/projects/kaas/files/etc/apache2/kaas/router.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/magic b/setup/projects/kaas/files/etc/apache2/magic
index 0de7336..0de7336 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/magic
+++ b/setup/projects/kaas/files/etc/apache2/magic
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/mime.types b/setup/projects/kaas/files/etc/apache2/mime.types
index 5175242..5175242 100644
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/mime.types
+++ b/setup/projects/kaas/files/etc/apache2/mime.types
diff --git a/setup/projects/katrin/keys/kaas.crt b/setup/projects/kaas/keys/kaas.crt
index 82ef723..82ef723 100644
--- a/setup/projects/katrin/keys/kaas.crt
+++ b/setup/projects/kaas/keys/kaas.crt
diff --git a/setup/projects/katrin/keys/kaas.key b/setup/projects/kaas/keys/kaas.key
index 3d766c8..3d766c8 100644
--- a/setup/projects/katrin/keys/kaas.key
+++ b/setup/projects/kaas/keys/kaas.key
diff --git a/setup/projects/kaas/templates/10-kaas-builder.yml.j2 b/setup/projects/kaas/templates/10-kaas-builder.yml.j2
new file mode 100644
index 0000000..52066a5
--- /dev/null
+++ b/setup/projects/kaas/templates/10-kaas-builder.yml.j2
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Template
+metadata:
+ name: kaas-manager-build
+ labels:
+ app: kaas-manager
+ annotations:
+ descriptions: "KaaS Data Manager Build"
+objects:
+ - kind: ImageStream
+ apiVersion: v1
+ metadata:
+ name: kaas-manager
+ - kind: "BuildConfig"
+ apiVersion: "v1"
+ metadata:
+ name: "kaas-manager"
+ spec:
+# runPolicy: "Serial"
+ successfulBuildsHistoryLimit: "{{ kaas_pod_history_limit }}"
+ failedBuildsHistoryLimit: "{{ kaas_pod_history_limit }}"
+ triggers:
+ - type: "ConfigChange"
+ source:
+ type: "Git"
+ git:
+ uri: "http://adei.info/git/csa/devops/docker/ands-management.git"
+ strategy:
+ dockerStrategy:
+ dockerfilePath: Dockerfile
+ output:
+ to:
+ kind: "ImageStreamTag"
+ name: "kaas-manager:latest"
+ imageLabels:
+ - name: "vendor"
+ value: "KIT"
+ - name: "author"
+ value: "Suren A. Chilingaryan"
+ - name: "authoritative-source-url"
+ value: "adei.info"
+
diff --git a/setup/projects/kaas/templates/40-kaas-manager.yml.j2 b/setup/projects/kaas/templates/40-kaas-manager.yml.j2
new file mode 100644
index 0000000..e181737
--- /dev/null
+++ b/setup/projects/kaas/templates/40-kaas-manager.yml.j2
@@ -0,0 +1,91 @@
+#jinja2: trim_blocks: "true", lstrip_blocks: "false"
+---
+{% set gid_range = kaas_openshift_gid_ranges[kaas_project].split("/") %}
+apiVersion: v1
+kind: Template
+metadata:
+ name: kaas-manager
+ annotations:
+ descriptions: KaaS Data Management Service
+objects:
+ - apiVersion: v1
+ kind: DeploymentConfig
+ metadata:
+ name: kaas-manager
+ spec:
+ replicas: 1
+ revisionHistoryLimit: {{ kaas_pod_history_limit }}
+ strategy:
+ type: Rolling
+ triggers:
+ - type: ConfigChange
+ selector:
+ name: kaas-manager
+ triggers:
+ - type: ConfigChange
+ - type: ImageChange
+ imageChangeParams:
+ automatic: true
+ from:
+ kind: "ImageStreamTag"
+ name: "kaas-manager:latest"
+ namespace: "kaas"
+ containerNames:
+ - kaas-manager
+ template:
+ metadata:
+ name: kaas-manager
+ labels:
+ name: kaas-manager
+ spec:
+ securityContext:
+ supplementalGroups:
+{% for ofs in range(gid_range[1] | default(1) | int) %}
+ - {{ (gid_range[0] | int) + ofs }}
+{% endfor %}
+{% if (kaas_project_config.run_pods_as is defined) %}
+{% if ((kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as] is defined) %}
+ runAsUser: {{ (kaas_project_config.uids | default(kaas_openshift_uids))[kaas_project_config.run_pods_as].id }}
+{% else %}
+ runAsUser: {{ kaas_project_config.run_pods_as }}
+{% endif %}
+{% endif %}
+ volumes:
+{% for name, vol in kaas_project_volumes.iteritems() %}
+{% set oc_name = name | regex_replace('_','-') %}
+{% if (vol.write | default(false)) %}
+ - name: vol-{{ name }}
+ persistentVolumeClaim:
+ claimName: {{ oc_name }}
+{% endif %}
+{% endfor %}
+{% if ('data' not in kaas_project_volumes) %}
+ - name: home
+ emptyDir: {}
+{% endif %}
+ containers:
+ - name: kaas-manager
+ image: kaas-manager
+ command: [ "/docker-entrypoint.sh", "/bin/sx" ]
+ volumeMounts:
+{% for name, vol in kaas_project_volumes.iteritems() %}
+{% if (vol.write | default(false)) %}
+ - name: vol-{{ name }}
+ mountPath: /mnt/{{ name }}
+{% endif %}
+{% endfor %}
+{% if ('data' not in kaas_project_volumes) %}
+ - name: home
+ mountPath: /home
+{% endif %}
+ env:
+ - name: HOME
+{% if ('data' in kaas_project_volumes) %}
+ value: /mnt/data/home
+{% else %}
+ value: /tmp
+{% endif %}
+# lifecycle:
+# postStart:
+# exec:
+# command: [ "/bin/bash", "[ -d $HOME ] || mkdir -p $HOME" ]
diff --git a/setup/projects/katrin/vars/globals.yml b/setup/projects/kaas/vars/globals.yml
index 50776ff..69b0bfe 100644
--- a/setup/projects/katrin/vars/globals.yml
+++ b/setup/projects/kaas/vars/globals.yml
@@ -1,2 +1 @@
-#katrin_node: katrin.kit.edu
katrin_node: "katrin.{{ openshift_master_default_subdomain }}"
diff --git a/setup/projects/kaas/vars/pods.yml b/setup/projects/kaas/vars/pods.yml
new file mode 100644
index 0000000..41831ab
--- /dev/null
+++ b/setup/projects/kaas/vars/pods.yml
@@ -0,0 +1,15 @@
+pods:
+ kaas-router:
+ service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] }
+ sched: { replicas: 1, selector: { master: 1 } }
+ selector: { master: 1 }
+ images:
+ - image: "httpd:2.2"
+ mappings:
+ - { name: "etc", path: "apache2", mount: "/usr/local/apache2/conf" }
+ - { name: "data", path: "www", mount: "/usr/local/apache2/htdocs" }
+ - { name: "tmp", path: "apache2", mount: "/usr/local/apache2/logs" }
+ probes:
+ - { port: 8080, path: '/index.html' }
+
+ \ No newline at end of file
diff --git a/setup/projects/kaas/vars/volumes.yml b/setup/projects/kaas/vars/volumes.yml
new file mode 100644
index 0000000..3554aa6
--- /dev/null
+++ b/setup/projects/kaas/vars/volumes.yml
@@ -0,0 +1,10 @@
+gids:
+ kaas: { id: 4000 }
+
+files:
+ - { osv: "data", path: "/www", state: "directory", group: "kaas", mode: "0775" }
+ - { osv: "etc", path: "/apache2", state: "directory", group: "kaas", mode: "0775" }
+ - { osv: "tmp", path: "/apache2", state: "directory", group: "kaas", mode: "0775" }
+
+#resync: true
+sync_set_gid: kaas
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf
deleted file mode 100644
index a70324b..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/ssl.conf
+++ /dev/null
@@ -1,217 +0,0 @@
-#
-# When we also provide SSL we have to listen to the
-# the HTTPS port in addition.
-#
-Listen 0.0.0.0:8443 https
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-# Pass Phrase Dialog:
-# Configure the pass phrase gathering process.
-# The filtering dialog program (`builtin' is a internal
-# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
-
-# Inter-Process Session Cache:
-# Configure the SSL Session Cache: First the mechanism
-# to use and second the expiring timeout (in seconds).
-SSLSessionCache shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000)
-SSLSessionCacheTimeout 300
-
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the
-# SSL library. The seed data should be of good random quality.
-# WARNING! On some platforms /dev/random blocks if not enough entropy
-# is available. This means you then cannot use the /dev/random device
-# because it would lead to very long connection times (as long as
-# it requires to make more entropy available). But usually those
-# platforms additionally provide a /dev/urandom device which doesn't
-# block. So, if available, use this one instead. Read the mod_ssl User
-# Manual for more details.
-SSLRandomSeed startup file:/dev/urandom 256
-SSLRandomSeed connect builtin
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-
-#
-# Use "SSLCryptoDevice" to enable any supported hardware
-# accelerators. Use "openssl engine -v" to list supported
-# engine names. NOTE: If you enable an accelerator and the
-# server does not start, consult the error logs and ensure
-# your accelerator is functioning properly.
-#
-SSLCryptoDevice builtin
-#SSLCryptoDevice ubsec
-
-##
-## SSL Virtual Host Context
-##
-
-<VirtualHost _default_:8443>
-
-# General setup for the virtual host, inherited from global configuration
-#DocumentRoot "/var/www/html"
-#ServerName www.example.com:8443
-
-# Use separate log files for the SSL virtual host; note that LogLevel
-# is not inherited from httpd.conf.
-ErrorLog |/usr/bin/cat
-TransferLog |/usr/bin/cat
-LogLevel warn
-
-# SSL Engine Switch:
-# Enable/Disable SSL for this virtual host.
-SSLEngine on
-
-# SSL Protocol support:
-# List the enable protocol levels with which clients will be able to
-# connect. Disable SSLv2 access by default:
-SSLProtocol all -SSLv2
-
-# SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate.
-# See the mod_ssl documentation for a complete list.
-SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
-
-# Speed-optimized SSL Cipher configuration:
-# If speed is your main concern (on busy HTTPS servers e.g.),
-# you might want to force clients to specific, performance
-# optimized ciphers. In this case, prepend those ciphers
-# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
-# Caveat: by giving precedence to RC4-SHA and AES128-SHA
-# (as in the example below), most connections will no longer
-# have perfect forward secrecy - if the server's key is
-# compromised, captures of past or future traffic must be
-# considered compromised, too.
-#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
-#SSLHonorCipherOrder on
-
-# Server Certificate:
-# Point SSLCertificateFile at a PEM encoded certificate. If
-# the certificate is encrypted, then you will be prompted for a
-# pass phrase. Note that a kill -HUP will prompt again. A new
-# certificate can be generated using the genkey(1) command.
-SSLCertificateFile /etc/pki/tls/certs/localhost.crt
-
-# Server Private Key:
-# If the key is not combined with the certificate, use this
-# directive to point at the key file. Keep in mind that if
-# you've both a RSA and a DSA private key you can configure
-# both in parallel (to also allow the use of DSA ciphers, etc.)
-SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
-
-# Server Certificate Chain:
-# Point SSLCertificateChainFile at a file containing the
-# concatenation of PEM encoded CA certificates which form the
-# certificate chain for the server certificate. Alternatively
-# the referenced file can be the same as SSLCertificateFile
-# when the CA certificates are directly appended to the server
-# certificate for convinience.
-#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
-
-# Certificate Authority (CA):
-# Set the CA certificate verification path where to find CA
-# certificates for client authentication or alternatively one
-# huge file containing all of them (file must be PEM encoded)
-#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-
-# Client Authentication (Type):
-# Client certificate verification type and depth. Types are
-# none, optional, require and optional_no_ca. Depth is a
-# number which specifies how deeply to verify the certificate
-# issuer chain before deciding the certificate is not valid.
-#SSLVerifyClient require
-#SSLVerifyDepth 10
-
-# Access Control:
-# With SSLRequire you can do per-directory access control based
-# on arbitrary complex boolean expressions containing server
-# variable checks and other lookup directives. The syntax is a
-# mixture between C and Perl. See the mod_ssl documentation
-# for more details.
-#<Location />
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-#</Location>
-
-# SSL Engine Options:
-# Set various options for the SSL engine.
-# o FakeBasicAuth:
-# Translate the client X.509 into a Basic Authorisation. This means that
-# the standard Auth/DBMAuth methods can be used for access control. The
-# user name is the `one line' version of the client's X.509 certificate.
-# Note that no password is obtained from the user. Every entry in the user
-# file needs this password: `xxj31ZMTZzkVA'.
-# o ExportCertData:
-# This exports two additional environment variables: SSL_CLIENT_CERT and
-# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-# server (always existing) and the client (only existing when client
-# authentication is used). This can be used to import the certificates
-# into CGI scripts.
-# o StdEnvVars:
-# This exports the standard SSL/TLS related `SSL_*' environment variables.
-# Per default this exportation is switched off for performance reasons,
-# because the extraction step is an expensive operation and is usually
-# useless for serving static content. So one usually enables the
-# exportation for CGI and SSI requests only.
-# o StrictRequire:
-# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-# under a "Satisfy any" situation, i.e. when it applies access is denied
-# and no other module can change it.
-# o OptRenegotiate:
-# This enables optimized SSL connection renegotiation handling when SSL
-# directives are used in per-directory context.
-#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-<Files ~ "\.(cgi|shtml|phtml|php3?)$">
- SSLOptions +StdEnvVars
-</Files>
-<Directory "/var/www/cgi-bin">
- SSLOptions +StdEnvVars
-</Directory>
-
-# SSL Protocol Adjustments:
-# The safe and default but still SSL/TLS standard compliant shutdown
-# approach is that mod_ssl sends the close notify alert but doesn't wait for
-# the close notify alert from client. When you need a different shutdown
-# approach you can use one of the following variables:
-# o ssl-unclean-shutdown:
-# This forces an unclean shutdown when the connection is closed, i.e. no
-# SSL close notify alert is send or allowed to received. This violates
-# the SSL/TLS standard but is needed for some brain-dead browsers. Use
-# this when you receive I/O errors because of the standard approach where
-# mod_ssl sends the close notify alert.
-# o ssl-accurate-shutdown:
-# This forces an accurate shutdown when the connection is closed, i.e. a
-# SSL close notify alert is send and mod_ssl waits for the close notify
-# alert of the client. This is 100% SSL/TLS standard compliant, but in
-# practice often causes hanging connections with brain-dead browsers. Use
-# this only for browsers where you know that their SSL implementation
-# works correctly.
-# Notice: Most problems of broken clients are also related to the HTTP
-# keep-alive facility, so you usually additionally want to disable
-# keep-alive for those clients, too. Use variable "nokeepalive" for this.
-# Similarly, one has to force some clients to use HTTP/1.0 to workaround
-# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
-# "force-response-1.0" for this.
-BrowserMatch "MSIE [2-5]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
-# Per-Server Logging:
-# The home of a custom SSL log file. Use this when you want a
-# compact non-error SSL logfile on a virtual host basis.
-CustomLog |/usr/bin/cat \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-</VirtualHost>
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf
deleted file mode 100644
index b5d7a49..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d.disabled/userdir.conf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# UserDir: The name of the directory that is appended onto a user's home
-# directory if a ~user request is received.
-#
-# The path to the end user account 'public_html' directory must be
-# accessible to the webserver userid. This usually means that ~userid
-# must have permissions of 711, ~userid/public_html must have permissions
-# of 755, and documents contained therein must be world-readable.
-# Otherwise, the client will only receive a "403 Forbidden" message.
-#
-<IfModule mod_userdir.c>
- #
- # UserDir is disabled by default since it can confirm the presence
- # of a username on the system (depending on home directory
- # permissions).
- #
- UserDir disabled
-
- #
- # To enable requests to /~user/ to serve the user's public_html
- # directory, remove the "UserDir disabled" line above, and uncomment
- # the following line instead:
- #
- #UserDir public_html
-</IfModule>
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only.
-#
-<Directory "/home/*/public_html">
- AllowOverride FileInfo AuthConfig Limit Indexes
- Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
- Require method GET POST OPTIONS
-</Directory>
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README
deleted file mode 100644
index f5e9661..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/README
+++ /dev/null
@@ -1,9 +0,0 @@
-
-This directory holds configuration files for the Apache HTTP Server;
-any files in this directory which have the ".conf" extension will be
-processed as httpd configuration files. The directory is used in
-addition to the directory /etc/httpd/conf.modules.d/, which contains
-configuration files necessary to load modules.
-
-Files are processed in alphabetical order.
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf
deleted file mode 100644
index 55f658e..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/autoindex.conf
+++ /dev/null
@@ -1,94 +0,0 @@
-#
-# Directives controlling the display of server-generated directory listings.
-#
-# Required modules: mod_authz_core, mod_authz_host,
-# mod_autoindex, mod_alias
-#
-# To see the listing of a directory, the Options directive for the
-# directory must include "Indexes", and the directory must not contain
-# a file matching those listed in the DirectoryIndex directive.
-#
-
-#
-# IndexOptions: Controls the appearance of server-generated directory
-# listings.
-#
-IndexOptions FancyIndexing HTMLTable VersionSort
-
-# We include the /icons/ alias for FancyIndexed directory listings. If
-# you do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "/opt/rh/httpd24/root/usr/share/httpd/icons/"
-
-<Directory "/opt/rh/httpd24/root/usr/share/httpd/icons">
- Options Indexes MultiViews FollowSymlinks
- AllowOverride None
- Require all granted
-</Directory>
-
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif /core
-AddIcon /icons/bomb.gif */core.*
-
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
-
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
-
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf
deleted file mode 100644
index 325d196..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/router.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-ProxyPass /adei http://katrin.kit.edu/adei
-ProxyPassReverse /adei http://katrin.kit.edu/adei
-ProxyPass /adei-katrin http://katrin.kit.edu/adei-katrin
-ProxyPassReverse /adei-katrin http://katrin.kit.edu/adei-katrin
-ProxyPass /katrin-ng http://katrin.kit.edu/katrin-ng
-ProxyPassReverse /katrin-ng http://katrin.kit.edu/katrin-ng
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf
deleted file mode 100644
index e69de29..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/ssl.conf
+++ /dev/null
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf
deleted file mode 100644
index 34b4b72..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.d/welcome.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-#
-# This configuration file enables the default "Welcome" page if there
-# is no default index page present for the root URL. To disable the
-# Welcome page, comment out all the lines below.
-#
-# NOTE: if this file is removed, it will be restored on upgrades.
-#
-<LocationMatch "^/+$">
- Options -Indexes
- ErrorDocument 403 /.noindex.html
-</LocationMatch>
-
-<Directory /opt/rh/httpd24/root/usr/share/httpd/noindex>
- AllowOverride None
- Require all granted
-</Directory>
-
-Alias /.noindex.html /opt/rh/httpd24/root/usr/share/httpd/noindex/index.html
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf
deleted file mode 100644
index 2e3ce8c..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-base.conf
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-# This file loads most of the modules included with the Apache HTTP
-# Server itself.
-#
-
-LoadModule access_compat_module modules/mod_access_compat.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule allowmethods_module modules/mod_allowmethods.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_core_module modules/mod_authn_core.so
-LoadModule authn_dbd_module modules/mod_authn_dbd.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_socache_module modules/mod_authn_socache.so
-LoadModule authz_core_module modules/mod_authz_core.so
-LoadModule authz_dbd_module modules/mod_authz_dbd.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule cache_module modules/mod_cache.so
-LoadModule cache_disk_module modules/mod_cache_disk.so
-LoadModule cache_socache_module modules/mod_cache_socache.so
-LoadModule data_module modules/mod_data.so
-LoadModule dbd_module modules/mod_dbd.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule dumpio_module modules/mod_dumpio.so
-LoadModule echo_module modules/mod_echo.so
-LoadModule env_module modules/mod_env.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule headers_module modules/mod_headers.so
-#LoadModule http2_module modules/mod_http2.so
-LoadModule include_module modules/mod_include.so
-LoadModule info_module modules/mod_info.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule macro_module modules/mod_macro.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule remoteip_module modules/mod_remoteip.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule request_module modules/mod_request.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-LoadModule socache_dbm_module modules/mod_socache_dbm.so
-LoadModule socache_memcache_module modules/mod_socache_memcache.so
-LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
-LoadModule status_module modules/mod_status.so
-LoadModule substitute_module modules/mod_substitute.so
-LoadModule suexec_module modules/mod_suexec.so
-LoadModule unique_id_module modules/mod_unique_id.so
-LoadModule unixd_module modules/mod_unixd.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule version_module modules/mod_version.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf
deleted file mode 100644
index 7bfd1d4..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-mpm.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-# Select the MPM module which should be used by uncommenting exactly
-# one of the following LoadModule lines:
-
-# prefork MPM: Implements a non-threaded, pre-forking web server
-# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
-LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
-
-# worker MPM: Multi-Processing Module implementing a hybrid
-# multi-threaded multi-process web server
-# See: http://httpd.apache.org/docs/2.4/mod/worker.html
-#
-#LoadModule mpm_worker_module modules/mod_mpm_worker.so
-
-# event MPM: A variant of the worker MPM with the goal of consuming
-# threads only for connections with active processing
-# See: http://httpd.apache.org/docs/2.4/mod/event.html
-#
-#LoadModule mpm_event_module modules/mod_mpm_event.so
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf
deleted file mode 100644
index b8003f4..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.d/00-proxy.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-# This file configures all the proxy modules:
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf
deleted file mode 100644
index e6af8de..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-dav.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-LoadModule dav_module modules/mod_dav.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule dav_lock_module modules/mod_dav_lock.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf
deleted file mode 100644
index 9e0d0db..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-lua.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule lua_module modules/mod_lua.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf
deleted file mode 100644
index 70bda5e..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-optional.conf
+++ /dev/null
@@ -1,20 +0,0 @@
-#
-# This file lists modules included with the Apache HTTP Server
-# which are not enabled by default.
-#
-
-#LoadModule asis_module modules/mod_asis.so
-#LoadModule buffer_module modules/mod_buffer.so
-#LoadModule file_cache_module modules/mod_file_cache.so
-#LoadModule watchdog_module modules/mod_watchdog.so
-#LoadModule heartbeat_module modules/mod_heartbeat.so
-#LoadModule heartmonitor_module modules/mod_heartmonitor.so
-#LoadModule usertrack_module modules/mod_usertrack.so
-#LoadModule dialup_module modules/mod_dialup.so
-#LoadModule charset_lite_module modules/mod_charset_lite.so
-#LoadModule log_debug_module modules/mod_log_debug.so
-#LoadModule log_forensic_module modules/mod_log_forensic.so
-#LoadModule ratelimit_module modules/mod_ratelimit.so
-#LoadModule reflector_module modules/mod_reflector.so
-#LoadModule sed_module modules/mod_sed.so
-#LoadModule speling_module modules/mod_speling.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf
deleted file mode 100644
index cc0bca0..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-proxy.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-# This file configures all the proxy modules:
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
-LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
-LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
-LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule proxy_express_module modules/mod_proxy_express.so
-LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
-LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
-LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
-LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf
deleted file mode 100644
index 53235cd..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-ssl.conf
+++ /dev/null
@@ -1 +0,0 @@
-LoadModule ssl_module modules/mod_ssl.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf
deleted file mode 100644
index b208c97..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/00-systemd.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# This file configures systemd module:
-LoadModule systemd_module modules/mod_systemd.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf
deleted file mode 100644
index 5b8b936..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf.modules.disabled/01-cgi.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This configuration file loads a CGI module appropriate to the MPM
-# which has been configured in 00-mpm.conf. mod_cgid should be used
-# with a threaded MPM; mod_cgi with the prefork MPM.
-
-<IfModule mpm_worker_module>
- LoadModule cgid_module modules/mod_cgid.so
-</IfModule>
-<IfModule mpm_event_module>
- LoadModule cgid_module modules/mod_cgid.so
-</IfModule>
-<IfModule mpm_prefork_module>
- LoadModule cgi_module modules/mod_cgi.so
-</IfModule>
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf
deleted file mode 100644
index 88fcb97..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/httpd.conf
+++ /dev/null
@@ -1,353 +0,0 @@
-#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
-# In particular, see
-# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
-# for a discussion of each configuration directive.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
-# with ServerRoot set to '/www' will be interpreted by the
-# server as '/www/log/access_log', where as '/log/access_log' will be
-# interpreted as '/log/access_log'.
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# Do not add a slash at the end of the directory path. If you point
-# ServerRoot at a non-local disk, be sure to specify a local disk on the
-# Mutex directive, if file-based mutexes are used. If you wish to share the
-# same ServerRoot for multiple httpd daemons, you will need to change at
-# least PidFile.
-#
-ServerRoot "/opt/rh/httpd24/root/etc/httpd"
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the <VirtualHost>
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
-#
-#Listen 12.34.56.78:80
-Listen 0.0.0.0:8080
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-Include conf.modules.d/*.conf
-
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# It is usually good practice to create a dedicated user and group for
-# running httpd, as with most system services.
-#
-User default
-Group root
-
-# 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# <VirtualHost> definition. These values also provide defaults for
-# any <VirtualHost> containers you may define later in the file.
-#
-# All of these directives may appear inside <VirtualHost> containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents. e.g. admin@your-domain.com
-#
-ServerAdmin root@localhost
-
-#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
-#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-#
-#ServerName www.example.com:80
-
-#
-# Deny access to the entirety of your server's filesystem. You must
-# explicitly permit access to web content directories in other
-# <Directory> blocks below.
-#
-<Directory />
- AllowOverride none
- Require all denied
-</Directory>
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/opt/rh/httpd24/root/var/www/html"
-
-#
-# Relax access to content within /opt/rh/httpd24/root/var/www.
-#
-<Directory "/opt/rh/httpd24/root/var/www">
- AllowOverride None
- # Allow open access:
- Require all granted
-</Directory>
-
-# Further relax access to the default document root:
-<Directory "/opt/rh/httpd24/root/var/www/html">
- #
- # Possible values for the Options directive are "None", "All",
- # or any combination of:
- # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
- #
- # Note that "MultiViews" must be named *explicitly* --- "Options All"
- # doesn't give it to you.
- #
- # The Options directive is both complicated and important. Please see
- # http://httpd.apache.org/docs/2.4/mod/core.html#options
- # for more information.
- #
- Options Indexes FollowSymLinks
-
- #
- # AllowOverride controls what directives may be placed in .htaccess files.
- # It can be "All", "None", or any combination of the keywords:
- # Options FileInfo AuthConfig Limit
- #
- AllowOverride All
-
- #
- # Controls who can get stuff from this server.
- #
- Require all granted
-</Directory>
-
-#
-# DirectoryIndex: sets the file that Apache will serve if a directory
-# is requested.
-#
-<IfModule dir_module>
- DirectoryIndex index.html
-</IfModule>
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<Files ".ht*">
- Require all denied
-</Files>
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a <VirtualHost>
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a <VirtualHost>
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog |/usr/bin/cat
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-<IfModule log_config_module>
- #
- # The following directives define some format nicknames for use with
- # a CustomLog directive (see below).
- #
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
- <IfModule logio_module>
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
- </IfModule>
-
- #
- # The location and format of the access logfile (Common Logfile Format).
- # If you do not define any access logfiles within a <VirtualHost>
- # container, they will be logged here. Contrariwise, if you *do*
- # define per-<VirtualHost> access logfiles, transactions will be
- # logged therein and *not* in this file.
- #
- #CustomLog "logs/access_log" common
-
- #
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
- #
- CustomLog |/usr/bin/cat combined
-</IfModule>
-
-<IfModule alias_module>
- #
- # Redirect: Allows you to tell clients about documents that used to
- # exist in your server's namespace, but do not anymore. The client
- # will make a new request for the document at its new location.
- # Example:
- # Redirect permanent /foo http://www.example.com/bar
-
- #
- # Alias: Maps web paths into filesystem paths and is used to
- # access content that does not live under the DocumentRoot.
- # Example:
- # Alias /webpath /full/filesystem/path
- #
- # If you include a trailing / on /webpath then the server will
- # require it to be present in the URL. You will also likely
- # need to provide a <Directory> section to allow access to
- # the filesystem path.
-
- #
- # ScriptAlias: This controls which directories contain server scripts.
- # ScriptAliases are essentially the same as Aliases, except that
- # documents in the target directory are treated as applications and
- # run by the server when requested rather than as documents sent to the
- # client. The same rules about trailing "/" apply to ScriptAlias
- # directives as to Alias.
- #
- ScriptAlias /cgi-bin/ "/opt/rh/httpd24/root/var/www/cgi-bin/"
-
-</IfModule>
-
-#
-# "/opt/rh/httpd24/root/var/www/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-<Directory "/opt/rh/httpd24/root/var/www/cgi-bin">
- AllowOverride None
- Options None
- Require all granted
-</Directory>
-
-<IfModule mime_module>
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
- TypesConfig /etc/mime.types
-
- #
- # AddType allows you to add to or override the MIME configuration
- # file specified in TypesConfig for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
-
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
-
- # For type maps (negotiated resources):
- #AddHandler type-map var
-
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- AddType text/html .shtml
- AddOutputFilter INCLUDES .shtml
-</IfModule>
-
-#
-# Specify a default charset for all content served; this enables
-# interpretation of all content as UTF-8 by default. To use the
-# default browser choice (ISO-8859-1), or to allow the META tags
-# in HTML content to override this choice, comment out this
-# directive:
-#
-AddDefaultCharset UTF-8
-
-<IfModule mime_magic_module>
- #
- # The mod_mime_magic module allows the server to use various hints from the
- # contents of the file itself to determine its type. The MIMEMagicFile
- # directive tells the module where the hint definitions are located.
- #
- MIMEMagicFile conf/magic
-</IfModule>
-
-#
-# Customizable error responses come in three flavors:
-# 1) plain text 2) local redirects 3) external redirects
-#
-# Some examples:
-#ErrorDocument 500 "The server made a boo boo."
-#ErrorDocument 404 /missing.html
-#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-#
-
-#
-# EnableMMAP and EnableSendfile: On systems that support it,
-# memory-mapping or the sendfile syscall may be used to deliver
-# files. This usually improves server performance, but must
-# be turned off when serving from networked-mounted
-# filesystems or if support for these functions is otherwise
-# broken on your system.
-# Defaults if commented: EnableMMAP On, EnableSendfile Off
-#
-#EnableMMAP off
-EnableSendfile on
-
-# Supplemental configuration
-#
-# Load config files in the "/etc/httpd/conf.d" directory, if any.
-IncludeOptional conf.d/*.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic b/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic
deleted file mode 100644
index 7c56119..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-centos/conf/magic
+++ /dev/null
@@ -1,385 +0,0 @@
-# Magic data for mod_mime_magic Apache module (originally for file(1) command)
-# The module is described in /manual/mod/mod_mime_magic.html
-#
-# The format is 4-5 columns:
-# Column #1: byte number to begin checking from, ">" indicates continuation
-# Column #2: type of data to match
-# Column #3: contents of data to match
-# Column #4: MIME type of result
-# Column #5: MIME encoding of result (optional)
-
-#------------------------------------------------------------------------------
-# Localstuff: file(1) magic for locally observed files
-# Add any locally observed files here.
-
-#------------------------------------------------------------------------------
-# end local stuff
-#------------------------------------------------------------------------------
-
-#------------------------------------------------------------------------------
-# Java
-
-0 short 0xcafe
->2 short 0xbabe application/java
-
-#------------------------------------------------------------------------------
-# audio: file(1) magic for sound formats
-#
-# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
-#
-
-# Sun/NeXT audio data
-0 string .snd
->12 belong 1 audio/basic
->12 belong 2 audio/basic
->12 belong 3 audio/basic
->12 belong 4 audio/basic
->12 belong 5 audio/basic
->12 belong 6 audio/basic
->12 belong 7 audio/basic
-
->12 belong 23 audio/x-adpcm
-
-# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
-# that uses little-endian encoding and has a different magic number
-# (0x0064732E in little-endian encoding).
-0 lelong 0x0064732E
->12 lelong 1 audio/x-dec-basic
->12 lelong 2 audio/x-dec-basic
->12 lelong 3 audio/x-dec-basic
->12 lelong 4 audio/x-dec-basic
->12 lelong 5 audio/x-dec-basic
->12 lelong 6 audio/x-dec-basic
->12 lelong 7 audio/x-dec-basic
-# compressed (G.721 ADPCM)
->12 lelong 23 audio/x-dec-adpcm
-
-# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
-# AIFF audio data
-8 string AIFF audio/x-aiff
-# AIFF-C audio data
-8 string AIFC audio/x-aiff
-# IFF/8SVX audio data
-8 string 8SVX audio/x-aiff
-
-# Creative Labs AUDIO stuff
-# Standard MIDI data
-0 string MThd audio/unknown
-#>9 byte >0 (format %d)
-#>11 byte >1 using %d channels
-# Creative Music (CMF) data
-0 string CTMF audio/unknown
-# SoundBlaster instrument data
-0 string SBI audio/unknown
-# Creative Labs voice data
-0 string Creative\ Voice\ File audio/unknown
-## is this next line right? it came this way...
-#>19 byte 0x1A
-#>23 byte >0 - version %d
-#>22 byte >0 \b.%d
-
-# [GRR 950115: is this also Creative Labs? Guessing that first line
-# should be string instead of unknown-endian long...]
-#0 long 0x4e54524b MultiTrack sound data
-#0 string NTRK MultiTrack sound data
-#>4 long x - version %ld
-
-# Microsoft WAVE format (*.wav)
-# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
-# Microsoft RIFF
-0 string RIFF audio/unknown
-# - WAVE format
->8 string WAVE audio/x-wav
-# MPEG audio.
-0 beshort&0xfff0 0xfff0 audio/mpeg
-# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
-0 string PSID audio/prs.sid
-
-#------------------------------------------------------------------------------
-# c-lang: file(1) magic for C programs or various scripts
-#
-
-# XPM icons (Greg Roelofs, newt@uchicago.edu)
-# ideally should go into "images", but entries below would tag XPM as C source
-0 string /*\ XPM image/x-xbm 7bit
-
-# this first will upset you if you're a PL/1 shop... (are there any left?)
-# in which case rm it; ascmagic will catch real C programs
-# C or REXX program text
-0 string /* text/plain
-# C++ program text
-0 string // text/plain
-
-#------------------------------------------------------------------------------
-# compress: file(1) magic for pure-compression formats (no archives)
-#
-# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
-#
-# Formats for various forms of compressed data
-# Formats for "compress" proper have been moved into "compress.c",
-# because it tries to uncompress it to figure out what's inside.
-
-# standard unix compress
-0 string \037\235 application/octet-stream x-compress
-
-# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
-0 string \037\213 application/octet-stream x-gzip
-
-# According to gzip.h, this is the correct byte order for packed data.
-0 string \037\036 application/octet-stream
-#
-# This magic number is byte-order-independent.
-#
-0 short 017437 application/octet-stream
-
-# XXX - why *two* entries for "compacted data", one of which is
-# byte-order independent, and one of which is byte-order dependent?
-#
-# compacted data
-0 short 0x1fff application/octet-stream
-0 string \377\037 application/octet-stream
-# huf output
-0 short 0145405 application/octet-stream
-
-# Squeeze and Crunch...
-# These numbers were gleaned from the Unix versions of the programs to
-# handle these formats. Note that I can only uncrunch, not crunch, and
-# I didn't have a crunched file handy, so the crunch number is untested.
-# Keith Waclena <keith@cerberus.uchicago.edu>
-#0 leshort 0x76FF squeezed data (CP/M, DOS)
-#0 leshort 0x76FE crunched data (CP/M, DOS)
-
-# Freeze
-#0 string \037\237 Frozen file 2.1
-#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
-
-# lzh?
-#0 string \037\240 LZH compressed data
-
-#------------------------------------------------------------------------------
-# frame: file(1) magic for FrameMaker files
-#
-# This stuff came on a FrameMaker demo tape, most of which is
-# copyright, but this file is "published" as witness the following:
-#
-0 string \<MakerFile application/x-frame
-0 string \<MIFFile application/x-frame
-0 string \<MakerDictionary application/x-frame
-0 string \<MakerScreenFon application/x-frame
-0 string \<MML application/x-frame
-0 string \<Book application/x-frame
-0 string \<Maker application/x-frame
-
-#------------------------------------------------------------------------------
-# html: file(1) magic for HTML (HyperText Markup Language) docs
-#
-# from Daniel Quinlan <quinlan@yggdrasil.com>
-# and Anna Shergold <anna@inext.co.uk>
-#
-0 string \<!DOCTYPE\ HTML text/html
-0 string \<!doctype\ html text/html
-0 string \<HEAD text/html
-0 string \<head text/html
-0 string \<TITLE text/html
-0 string \<title text/html
-0 string \<html text/html
-0 string \<HTML text/html
-0 string \<!-- text/html
-0 string \<h1 text/html
-0 string \<H1 text/html
-
-# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
-0 string \<?xml text/xml
-
-#------------------------------------------------------------------------------
-# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
-#
-# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
-# additions by janl@ifi.uio.no as well as others. Jan also suggested
-# merging several one- and two-line files into here.
-#
-# XXX - byte order for GIF and TIFF fields?
-# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
-#
-
-# [GRR: what the hell is this doing in here?]
-#0 string xbtoa btoa'd file
-
-# PBMPLUS
-# PBM file
-0 string P1 image/x-portable-bitmap 7bit
-# PGM file
-0 string P2 image/x-portable-greymap 7bit
-# PPM file
-0 string P3 image/x-portable-pixmap 7bit
-# PBM "rawbits" file
-0 string P4 image/x-portable-bitmap
-# PGM "rawbits" file
-0 string P5 image/x-portable-greymap
-# PPM "rawbits" file
-0 string P6 image/x-portable-pixmap
-
-# NIFF (Navy Interchange File Format, a modification of TIFF)
-# [GRR: this *must* go before TIFF]
-0 string IIN1 image/x-niff
-
-# TIFF and friends
-# TIFF file, big-endian
-0 string MM image/tiff
-# TIFF file, little-endian
-0 string II image/tiff
-
-# possible GIF replacements; none yet released!
-# (Greg Roelofs, newt@uchicago.edu)
-#
-# GRR 950115: this was mine ("Zip GIF"):
-# ZIF image (GIF+deflate alpha)
-0 string GIF94z image/unknown
-#
-# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
-# FGF image (GIF+deflate beta)
-0 string FGF95a image/unknown
-#
-# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
-# (best; not yet implemented):
-# PBF image (deflate compression)
-0 string PBF image/unknown
-
-# GIF
-0 string GIF image/gif
-
-# JPEG images
-0 beshort 0xffd8 image/jpeg
-
-# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
-0 string BM image/bmp
-#>14 byte 12 (OS/2 1.x format)
-#>14 byte 64 (OS/2 2.x format)
-#>14 byte 40 (Windows 3.x format)
-#0 string IC icon
-#0 string PI pointer
-#0 string CI color icon
-#0 string CP color pointer
-#0 string BA bitmap array
-
-0 string \x89PNG image/png
-0 string FWS application/x-shockwave-flash
-0 string CWS application/x-shockwave-flash
-
-#------------------------------------------------------------------------------
-# lisp: file(1) magic for lisp programs
-#
-# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
-0 string ;; text/plain 8bit
-# Emacs 18 - this is always correct, but not very magical.
-0 string \012( application/x-elc
-# Emacs 19
-0 string ;ELC\023\000\000\000 application/x-elc
-
-#------------------------------------------------------------------------------
-# mail.news: file(1) magic for mail and news
-#
-# There are tests to ascmagic.c to cope with mail and news.
-0 string Relay-Version: message/rfc822 7bit
-0 string #!\ rnews message/rfc822 7bit
-0 string N#!\ rnews message/rfc822 7bit
-0 string Forward\ to message/rfc822 7bit
-0 string Pipe\ to message/rfc822 7bit
-0 string Return-Path: message/rfc822 7bit
-0 string Path: message/news 8bit
-0 string Xref: message/news 8bit
-0 string From: message/rfc822 7bit
-0 string Article message/news 8bit
-#------------------------------------------------------------------------------
-# msword: file(1) magic for MS Word files
-#
-# Contributor claims:
-# Reversed-engineered MS Word magic numbers
-#
-
-0 string \376\067\0\043 application/msword
-0 string \333\245-\0\0\0 application/msword
-
-# disable this one because it applies also to other
-# Office/OLE documents for which msword is not correct. See PR#2608.
-#0 string \320\317\021\340\241\261 application/msword
-
-
-
-#------------------------------------------------------------------------------
-# printer: file(1) magic for printer-formatted files
-#
-
-# PostScript
-0 string %! application/postscript
-0 string \004%! application/postscript
-
-# Acrobat
-# (due to clamen@cs.cmu.edu)
-0 string %PDF- application/pdf
-
-#------------------------------------------------------------------------------
-# sc: file(1) magic for "sc" spreadsheet
-#
-38 string Spreadsheet application/x-sc
-
-#------------------------------------------------------------------------------
-# tex: file(1) magic for TeX files
-#
-# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
-#
-# From <conklin@talisman.kaleida.com>
-
-# Although we may know the offset of certain text fields in TeX DVI
-# and font files, we can't use them reliably because they are not
-# zero terminated. [but we do anyway, christos]
-0 string \367\002 application/x-dvi
-#0 string \367\203 TeX generic font data
-#0 string \367\131 TeX packed font data
-#0 string \367\312 TeX virtual font data
-#0 string This\ is\ TeX, TeX transcript text
-#0 string This\ is\ METAFONT, METAFONT transcript text
-
-# There is no way to detect TeX Font Metric (*.tfm) files without
-# breaking them apart and reading the data. The following patterns
-# match most *.tfm files generated by METAFONT or afm2tfm.
-#2 string \000\021 TeX font metric data
-#2 string \000\022 TeX font metric data
-#>34 string >\0 (%s)
-
-# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
-#0 string \\input\ texinfo Texinfo source text
-#0 string This\ is\ Info\ file GNU Info text
-
-# correct TeX magic for Linux (and maybe more)
-# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
-#
-0 leshort 0x02f7 application/x-dvi
-
-# RTF - Rich Text Format
-0 string {\\rtf application/rtf
-
-#------------------------------------------------------------------------------
-# animation: file(1) magic for animation/movie formats
-#
-# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
-# MPEG file
-0 string \000\000\001\263 video/mpeg
-#
-# The contributor claims:
-# I couldn't find a real magic number for these, however, this
-# -appears- to work. Note that it might catch other files, too,
-# so BE CAREFUL!
-#
-# Note that title and author appear in the two 20-byte chunks
-# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
-# 255 (hex FF)! DL format SUCKS BIG ROCKS.
-#
-# DL file version 1 , medium format (160x100, 4 images/screen)
-0 byte 1 video/unknown
-0 byte 2 video/unknown
-# Quicktime video, from Linus Walleij <triad@df.lth.se>
-# from Apple quicktime file format documentation.
-4 string moov video/quicktime
-4 string mdat video/quicktime
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf
deleted file mode 100644
index c581e97..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-autoindex.conf
+++ /dev/null
@@ -1,93 +0,0 @@
-#
-# Directives controlling the display of server-generated directory listings.
-#
-# Required modules: mod_autoindex, mod_alias
-#
-# To see the listing of a directory, the Options directive for the
-# directory must include "Indexes", and the directory must not contain
-# a file matching those listed in the DirectoryIndex directive.
-#
-
-#
-# IndexOptions: Controls the appearance of server-generated directory
-# listings.
-#
-IndexOptions FancyIndexing HTMLTable VersionSort
-
-# We include the /icons/ alias for FancyIndexed directory listings. If
-# you do not use FancyIndexing, you may comment this out.
-#
-Alias /icons/ "/usr/local/apache2/icons/"
-
-<Directory "/usr/local/apache2/icons">
- Options Indexes MultiViews
- AllowOverride None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# AddIcon* directives tell the server which icon to show for different
-# files or filename extensions. These are only displayed for
-# FancyIndexed directories.
-#
-AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
-
-AddIconByType (TXT,/icons/text.gif) text/*
-AddIconByType (IMG,/icons/image2.gif) image/*
-AddIconByType (SND,/icons/sound2.gif) audio/*
-AddIconByType (VID,/icons/movie.gif) video/*
-
-AddIcon /icons/binary.gif .bin .exe
-AddIcon /icons/binhex.gif .hqx
-AddIcon /icons/tar.gif .tar
-AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
-AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
-AddIcon /icons/a.gif .ps .ai .eps
-AddIcon /icons/layout.gif .html .shtml .htm .pdf
-AddIcon /icons/text.gif .txt
-AddIcon /icons/c.gif .c
-AddIcon /icons/p.gif .pl .py
-AddIcon /icons/f.gif .for
-AddIcon /icons/dvi.gif .dvi
-AddIcon /icons/uuencoded.gif .uu
-AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
-AddIcon /icons/tex.gif .tex
-AddIcon /icons/bomb.gif core
-
-AddIcon /icons/back.gif ..
-AddIcon /icons/hand.right.gif README
-AddIcon /icons/folder.gif ^^DIRECTORY^^
-AddIcon /icons/blank.gif ^^BLANKICON^^
-
-#
-# DefaultIcon is which icon to show for files which do not have an icon
-# explicitly set.
-#
-DefaultIcon /icons/unknown.gif
-
-#
-# AddDescription allows you to place a short description after a file in
-# server-generated indexes. These are only displayed for FancyIndexed
-# directories.
-# Format: AddDescription "description" filename
-#
-#AddDescription "GZIP compressed document" .gz
-#AddDescription "tar archive" .tar
-#AddDescription "GZIP compressed tar archive" .tgz
-
-#
-# ReadmeName is the name of the README file the server will look for by
-# default, and append to directory listings.
-#
-# HeaderName is the name of a file which should be prepended to
-# directory indexes.
-ReadmeName README.html
-HeaderName HEADER.html
-
-#
-# IndexIgnore is a set of filenames which directory indexing should ignore
-# and not include in the listing. Shell-style wildcarding is permitted.
-#
-IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf
deleted file mode 100644
index 29dfb72..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-dav.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# Distributed authoring and versioning (WebDAV)
-#
-# Required modules: mod_dav, mod_dav_fs, mod_setenvif, mod_alias
-# mod_auth_digest, mod_authn_file
-#
-
-# The following example gives DAV write access to a directory called
-# "uploads" under the ServerRoot directory.
-#
-# The User/Group specified in httpd.conf needs to have write permissions
-# on the directory where the DavLockDB is placed and on any directory where
-# "Dav On" is specified.
-
-DavLockDB "/usr/local/apache2/var/DavLock"
-
-Alias /uploads "/usr/local/apache2/uploads"
-
-<Directory "/usr/local/apache2/uploads">
- Dav On
-
- Order Allow,Deny
- Allow from all
-
- AuthType Digest
- AuthName DAV-upload
-
- # You can use the htdigest program to create the password database:
- # htdigest -c "/usr/local/apache2/user.passwd" DAV-upload admin
- AuthUserFile "/usr/local/apache2/user.passwd"
- AuthDigestProvider file
-
- # Allow universal read-access, but writes are restricted
- # to the admin user.
- <LimitExcept GET OPTIONS>
- require user admin
- </LimitExcept>
-</Directory>
-
-#
-# The following directives disable redirects on non-GET requests for
-# a directory that does not include the trailing slash. This fixes a
-# problem with several clients that do not appropriately handle
-# redirects for folders with DAV methods.
-#
-BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
-BrowserMatch "MS FrontPage" redirect-carefully
-BrowserMatch "^WebDrive" redirect-carefully
-BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
-BrowserMatch "^gnome-vfs/1.0" redirect-carefully
-BrowserMatch "^XML Spy" redirect-carefully
-BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf
deleted file mode 100644
index efeca05..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-default.conf
+++ /dev/null
@@ -1,75 +0,0 @@
-#
-# This configuration file reflects default settings for Apache HTTP Server.
-#
-# You may change these, but chances are that you may not need to.
-#
-
-#
-# Timeout: The number of seconds before receives and sends time out.
-#
-Timeout 300
-
-#
-# KeepAlive: Whether or not to allow persistent connections (more than
-# one request per connection). Set to "Off" to deactivate.
-#
-KeepAlive On
-
-#
-# MaxKeepAliveRequests: The maximum number of requests to allow
-# during a persistent connection. Set to 0 to allow an unlimited amount.
-# We recommend you leave this number high, for maximum performance.
-#
-MaxKeepAliveRequests 100
-
-#
-# KeepAliveTimeout: Number of seconds to wait for the next request from the
-# same client on the same connection.
-#
-KeepAliveTimeout 5
-
-#
-# UseCanonicalName: Determines how Apache constructs self-referencing
-# URLs and the SERVER_NAME and SERVER_PORT variables.
-# When set "Off", Apache will use the Hostname and Port supplied
-# by the client. When set "On", Apache will use the value of the
-# ServerName directive.
-#
-UseCanonicalName Off
-
-#
-# AccessFileName: The name of the file to look for in each directory
-# for additional configuration directives. See also the AllowOverride
-# directive.
-#
-AccessFileName .htaccess
-
-#
-# ServerTokens
-# This directive configures what you return as the Server HTTP response
-# Header. The default is 'Full' which sends information about the OS-Type
-# and compiled in modules.
-# Set to one of: Full | OS | Minor | Minimal | Major | Prod
-# where Full conveys the most information, and Prod the least.
-#
-ServerTokens Full
-
-#
-# Optionally add a line containing the server version and virtual host
-# name to server-generated pages (internal error documents, FTP directory
-# listings, mod_status and mod_info output etc., but not CGI generated
-# documents or custom error documents).
-# Set to "EMail" to also include a mailto: link to the ServerAdmin.
-# Set to one of: On | Off | EMail
-#
-ServerSignature On
-
-#
-# HostnameLookups: Log the names of clients or just their IP addresses
-# e.g., www.apache.org (on) or 204.62.129.132 (off).
-# The default is off because it'd be overall better for the net if people
-# had to knowingly turn this feature on, since enabling it means that
-# each client request will result in AT LEAST one lookup request to the
-# nameserver.
-#
-HostnameLookups Off
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf
deleted file mode 100644
index db316c0..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-info.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# Get information about the requests being processed by the server
-# and the configuration of the server.
-#
-# Required modules: mod_status (for the server-status handler),
-# mod_info (for the server-info handler)
-
-#
-# Allow server status reports generated by mod_status,
-# with the URL of http://servername/server-status
-# Change the ".example.com" to match your domain to enable.
-
-<Location /server-status>
- SetHandler server-status
- Order deny,allow
- Deny from all
- Allow from .example.com
-</Location>
-
-#
-# ExtendedStatus controls whether Apache will generate "full" status
-# information (ExtendedStatus On) or just basic information (ExtendedStatus
-# Off) when the "server-status" handler is called. The default is Off.
-#
-#ExtendedStatus On
-
-#
-# Allow remote server configuration reports, with the URL of
-# http://servername/server-info (requires that mod_info.c be loaded).
-# Change the ".example.com" to match your domain to enable.
-#
-<Location /server-info>
- SetHandler server-info
- Order deny,allow
- Deny from all
- Allow from .example.com
-</Location>
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf
deleted file mode 100644
index 7f66461..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-languages.conf
+++ /dev/null
@@ -1,141 +0,0 @@
-#
-# Settings for hosting different languages.
-#
-# Required modules: mod_mime, mod_negotiation
-
-# DefaultLanguage and AddLanguage allows you to specify the language of
-# a document. You can then use content negotiation to give a browser a
-# file in a language the user can understand.
-#
-# Specify a default language. This means that all data
-# going out without a specific language tag (see below) will
-# be marked with this one. You probably do NOT want to set
-# this unless you are sure it is correct for all cases.
-#
-# * It is generally better to not mark a page as
-# * being a certain language than marking it with the wrong
-# * language!
-#
-# DefaultLanguage nl
-#
-# Note 1: The suffix does not have to be the same as the language
-# keyword --- those with documents in Polish (whose net-standard
-# language code is pl) may wish to use "AddLanguage pl .po" to
-# avoid the ambiguity with the common suffix for perl scripts.
-#
-# Note 2: The example entries below illustrate that in some cases
-# the two character 'Language' abbreviation is not identical to
-# the two character 'Country' code for its country,
-# E.g. 'Danmark/dk' versus 'Danish/da'.
-#
-# Note 3: In the case of 'ltz' we violate the RFC by using a three char
-# specifier. There is 'work in progress' to fix this and get
-# the reference data for rfc1766 cleaned up.
-#
-# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
-# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
-# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
-# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
-# Norwegian (no) - Polish (pl) - Portugese (pt)
-# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
-# Turkish (tr) - Simplified Chinese (zh-CN) - Spanish (es)
-# Traditional Chinese (zh-TW)
-#
-AddLanguage ca .ca
-AddLanguage cs .cz .cs
-AddLanguage da .dk
-AddLanguage de .de
-AddLanguage el .el
-AddLanguage en .en
-AddLanguage eo .eo
-AddLanguage es .es
-AddLanguage et .et
-AddLanguage fr .fr
-AddLanguage he .he
-AddLanguage hr .hr
-AddLanguage it .it
-AddLanguage ja .ja
-AddLanguage ko .ko
-AddLanguage ltz .ltz
-AddLanguage nl .nl
-AddLanguage nn .nn
-AddLanguage no .no
-AddLanguage pl .po
-AddLanguage pt .pt
-AddLanguage pt-BR .pt-br
-AddLanguage ru .ru
-AddLanguage sv .sv
-AddLanguage tr .tr
-AddLanguage zh-CN .zh-cn
-AddLanguage zh-TW .zh-tw
-
-# LanguagePriority allows you to give precedence to some languages
-# in case of a tie during content negotiation.
-#
-# Just list the languages in decreasing order of preference. We have
-# more or less alphabetized them here. You probably want to change this.
-#
-LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv tr zh-CN zh-TW
-
-#
-# ForceLanguagePriority allows you to serve a result page rather than
-# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
-# [in case no accepted languages matched the available variants]
-#
-ForceLanguagePriority Prefer Fallback
-
-#
-# Commonly used filename extensions to character sets. You probably
-# want to avoid clashes with the language extensions, unless you
-# are good at carefully testing your setup after each change.
-# See http://www.iana.org/assignments/character-sets for the
-# official list of charset names and their respective RFCs.
-#
-AddCharset us-ascii.ascii .us-ascii
-AddCharset ISO-8859-1 .iso8859-1 .latin1
-AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
-AddCharset ISO-8859-3 .iso8859-3 .latin3
-AddCharset ISO-8859-4 .iso8859-4 .latin4
-AddCharset ISO-8859-5 .iso8859-5 .cyr .iso-ru
-AddCharset ISO-8859-6 .iso8859-6 .arb .arabic
-AddCharset ISO-8859-7 .iso8859-7 .grk .greek
-AddCharset ISO-8859-8 .iso8859-8 .heb .hebrew
-AddCharset ISO-8859-9 .iso8859-9 .latin5 .trk
-AddCharset ISO-8859-10 .iso8859-10 .latin6
-AddCharset ISO-8859-13 .iso8859-13
-AddCharset ISO-8859-14 .iso8859-14 .latin8
-AddCharset ISO-8859-15 .iso8859-15 .latin9
-AddCharset ISO-8859-16 .iso8859-16 .latin10
-AddCharset ISO-2022-JP .iso2022-jp .jis
-AddCharset ISO-2022-KR .iso2022-kr .kis
-AddCharset ISO-2022-CN .iso2022-cn .cis
-AddCharset Big5.Big5 .big5 .b5
-AddCharset cn-Big5 .cn-big5
-# For russian, more than one charset is used (depends on client, mostly):
-AddCharset WINDOWS-1251 .cp-1251 .win-1251
-AddCharset CP866 .cp866
-AddCharset KOI8 .koi8
-AddCharset KOI8-E .koi8-e
-AddCharset KOI8-r .koi8-r .koi8-ru
-AddCharset KOI8-U .koi8-u
-AddCharset KOI8-ru .koi8-uk .ua
-AddCharset ISO-10646-UCS-2 .ucs2
-AddCharset ISO-10646-UCS-4 .ucs4
-AddCharset UTF-7 .utf7
-AddCharset UTF-8 .utf8
-AddCharset UTF-16 .utf16
-AddCharset UTF-16BE .utf16be
-AddCharset UTF-16LE .utf16le
-AddCharset UTF-32 .utf32
-AddCharset UTF-32BE .utf32be
-AddCharset UTF-32LE .utf32le
-AddCharset euc-cn .euc-cn
-AddCharset euc-gb .euc-gb
-AddCharset euc-jp .euc-jp
-AddCharset euc-kr .euc-kr
-#Not sure how euc-tw got in - IANA doesn't list it???
-AddCharset EUC-TW .euc-tw
-AddCharset gb2312 .gb2312 .gb
-AddCharset iso-10646-ucs-2 .ucs-2 .iso-10646-ucs-2
-AddCharset iso-10646-ucs-4 .ucs-4 .iso-10646-ucs-4
-AddCharset shift_jis .shift_jis .sjis
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf
deleted file mode 100644
index fc12fb9..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-manual.conf
+++ /dev/null
@@ -1,31 +0,0 @@
-#
-# Provide access to the documentation on your server as
-# http://yourserver.example.com/manual/
-# The documentation is always available at
-# http://httpd.apache.org/docs/2.2/
-#
-# Required modules: mod_alias, mod_setenvif, mod_negotiation
-#
-
-AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|pt-br|ru|tr))?(/.*)?$ "/usr/local/apache2/manual$1"
-
-<Directory "/usr/local/apache2/manual">
- Options Indexes
- AllowOverride None
- Order allow,deny
- Allow from all
-
- <Files *.html>
- SetHandler type-map
- </Files>
- # .tr is text/troff in mime.types!
- <Files *.html.tr.utf8>
- ForceType "text/html; charset=utf-8"
- </Files>
-
- SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|pt-br|ru|tr)/ prefer-language=$1
- RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|pt-br|ru|tr)){2,}(/.*)?$ /manual/$1$2
-
- LanguagePriority en de es fr ja ko pt-br ru tr
- ForceLanguagePriority Prefer Fallback
-</Directory>
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf
deleted file mode 100644
index 8c44c60..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-mpm.conf
+++ /dev/null
@@ -1,110 +0,0 @@
-#
-# Server-Pool Management (MPM specific)
-#
-
-#
-# PidFile: The file in which the server should record its process
-# identification number when it starts.
-#
-# Note that this is the default PidFile for most MPMs.
-#
-<IfModule !mpm_netware_module>
- PidFile "logs/httpd.pid"
-</IfModule>
-
-#
-# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
-#
-<IfModule !mpm_winnt_module>
-<IfModule !mpm_netware_module>
-LockFile "logs/accept.lock"
-</IfModule>
-</IfModule>
-
-#
-# Only one of the below sections will be relevant on your
-# installed httpd. Use "apachectl -l" to find out the
-# active mpm.
-#
-
-# prefork MPM
-# StartServers: number of server processes to start
-# MinSpareServers: minimum number of server processes which are kept spare
-# MaxSpareServers: maximum number of server processes which are kept spare
-# MaxClients: maximum number of server processes allowed to start
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_prefork_module>
- StartServers 5
- MinSpareServers 5
- MaxSpareServers 10
- MaxClients 150
- MaxRequestsPerChild 0
-</IfModule>
-
-# worker MPM
-# StartServers: initial number of server processes to start
-# MaxClients: maximum number of simultaneous client connections
-# MinSpareThreads: minimum number of worker threads which are kept spare
-# MaxSpareThreads: maximum number of worker threads which are kept spare
-# ThreadsPerChild: constant number of worker threads in each server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_worker_module>
- StartServers 2
- MaxClients 150
- MinSpareThreads 25
- MaxSpareThreads 75
- ThreadsPerChild 25
- MaxRequestsPerChild 0
-</IfModule>
-
-# BeOS MPM
-# StartThreads: how many threads do we initially spawn?
-# MaxClients: max number of threads we can have (1 thread == 1 client)
-# MaxRequestsPerThread: maximum number of requests each thread will process
-<IfModule mpm_beos_module>
- StartThreads 10
- MaxClients 50
- MaxRequestsPerThread 10000
-</IfModule>
-
-# NetWare MPM
-# ThreadStackSize: Stack size allocated for each worker thread
-# StartThreads: Number of worker threads launched at server startup
-# MinSpareThreads: Minimum number of idle threads, to handle request spikes
-# MaxSpareThreads: Maximum number of idle threads
-# MaxThreads: Maximum number of worker threads alive at the same time
-# MaxRequestsPerChild: Maximum number of requests a thread serves. It is
-# recommended that the default value of 0 be set for this
-# directive on NetWare. This will allow the thread to
-# continue to service requests indefinitely.
-<IfModule mpm_netware_module>
- ThreadStackSize 65536
- StartThreads 250
- MinSpareThreads 25
- MaxSpareThreads 250
- MaxThreads 1000
- MaxRequestsPerChild 0
- MaxMemFree 100
-</IfModule>
-
-# OS/2 MPM
-# StartServers: Number of server processes to maintain
-# MinSpareThreads: Minimum number of idle threads per process,
-# to handle request spikes
-# MaxSpareThreads: Maximum number of idle threads per process
-# MaxRequestsPerChild: Maximum number of connections per server process
-<IfModule mpm_mpmt_os2_module>
- StartServers 2
- MinSpareThreads 5
- MaxSpareThreads 10
- MaxRequestsPerChild 0
-</IfModule>
-
-# WinNT MPM
-# ThreadsPerChild: constant number of worker threads in the server process
-# MaxRequestsPerChild: maximum number of requests a server process serves
-<IfModule mpm_winnt_module>
- ThreadsPerChild 150
- MaxRequestsPerChild 0
-</IfModule>
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf
deleted file mode 100644
index 8ff9a45..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-multilang-errordoc.conf
+++ /dev/null
@@ -1,52 +0,0 @@
-#
-# The configuration below implements multi-language error documents through
-# content-negotiation.
-#
-# Required modules: mod_alias, mod_include, mod_negotiation
-#
-# We use Alias to redirect any /error/HTTP_<error>.html.var response to
-# our collection of by-error message multi-language collections. We use
-# includes to substitute the appropriate text.
-#
-# You can modify the messages' appearance without changing any of the
-# default HTTP_<error>.html.var files by adding the line:
-#
-# Alias /error/include/ "/your/include/path/"
-#
-# which allows you to create your own set of files by starting with the
-# /usr/local/apache2/error/include/ files and copying them to /your/include/path/,
-# even on a per-VirtualHost basis. The default include files will display
-# your Apache version number and your ServerAdmin email address regardless
-# of the setting of ServerSignature.
-
-Alias /error/ "/usr/local/apache2/error/"
-
-<Directory "/usr/local/apache2/error">
- AllowOverride None
- Options IncludesNoExec
- AddOutputFilter Includes html
- AddHandler type-map var
- Order allow,deny
- Allow from all
- LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
- ForceLanguagePriority Prefer Fallback
-</Directory>
-
-ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
-ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
-ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
-ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
-ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
-ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
-ErrorDocument 410 /error/HTTP_GONE.html.var
-ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
-ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
-ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
-ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
-ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
-ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
-ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
-ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
-ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
-ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf
deleted file mode 100644
index 51f3784..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-ssl.conf
+++ /dev/null
@@ -1,269 +0,0 @@
-#
-# This is the Apache server configuration file providing SSL support.
-# It contains the configuration directives to instruct the server how to
-# serve pages over an https connection. For detailed information about these
-# directives see <URL:http://httpd.apache.org/docs/2.2/mod/mod_ssl.html>
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-
-#
-# Pseudo Random Number Generator (PRNG):
-# Configure one or more sources to seed the PRNG of the SSL library.
-# The seed data should be of good random quality.
-# WARNING! On some platforms /dev/random blocks if not enough entropy
-# is available. This means you then cannot use the /dev/random device
-# because it would lead to very long connection times (as long as
-# it requires to make more entropy available). But usually those
-# platforms additionally provide a /dev/urandom device which doesn't
-# block. So, if available, use this one instead. Read the mod_ssl User
-# Manual for more details.
-#
-#SSLRandomSeed startup file:/dev/random 512
-#SSLRandomSeed startup file:/dev/urandom 512
-#SSLRandomSeed connect file:/dev/random 512
-#SSLRandomSeed connect file:/dev/urandom 512
-
-
-#
-# When we also provide SSL we have to listen to the
-# standard HTTP port (see above) and to the HTTPS port
-#
-# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
-# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
-#
-Listen 443
-
-##
-## SSL Global Context
-##
-## All SSL configuration in this context applies both to
-## the main server and all SSL-enabled virtual hosts.
-##
-
-#
-# Some MIME-types for downloading Certificates and CRLs
-#
-AddType application/x-x509-ca-cert .crt
-AddType application/x-pkcs7-crl .crl
-
-# SSL Cipher Suite:
-# List the ciphers that the client is permitted to negotiate,
-# and that httpd will negotiate as the client of a proxied server.
-# See the OpenSSL documentation for a complete list of ciphers, and
-# ensure these follow appropriate best practices for this deployment.
-# httpd 2.2.30, 2.4.13 and later force-disable aNULL, eNULL and EXP ciphers,
-# while OpenSSL disabled these by default in 0.9.8zf/1.0.0r/1.0.1m/1.0.2a.
-SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4
-SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4
-
-# By the end of 2016, only TLSv1.2 ciphers should remain in use.
-# Older ciphers should be disallowed as soon as possible, while the
-# kRSA ciphers do not offer forward secrecy. These changes inhibit
-# older clients (such as IE6 SP2 or IE8 on Windows XP, or other legacy
-# non-browser tooling) from successfully connecting.
-#
-# To restrict mod_ssl to use only TLSv1.2 ciphers, and disable
-# those protocols which do not support forward secrecy, replace
-# the SSLCipherSuite and SSLProxyCipherSuite directives above with
-# the following two directives, as soon as practical.
-# SSLCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
-# SSLProxyCipherSuite HIGH:MEDIUM:!SSLv3:!kRSA
-
-# User agents such as web browsers are not configured for the user's
-# own preference of either security or performance, therefore this
-# must be the prerogative of the web server administrator who manages
-# cpu load versus confidentiality, so enforce the server's cipher order.
-SSLHonorCipherOrder on
-
-# SSL Protocol support:
-# List the protocol versions which clients are allowed to connect with.
-# Disable SSLv2 and SSLv3 by default (cf. RFC 7525 3.1.1). TLSv1 (1.0)
-# should be disabled as quickly as practical. By the end of 2016, only
-# the TLSv1.2 protocol or later should remain in use.
-SSLProtocol all -SSLv2 -SSLv3
-SSLProxyProtocol all -SSLv2 -SSLv3
-
-# Pass Phrase Dialog:
-# Configure the pass phrase gathering process.
-# The filtering dialog program (`builtin' is a internal
-# terminal dialog) has to provide the pass phrase on stdout.
-SSLPassPhraseDialog builtin
-
-# Inter-Process Session Cache:
-# Configure the SSL Session Cache: First the mechanism
-# to use and second the expiring timeout (in seconds).
-#SSLSessionCache "dbm:/usr/local/apache2/logs/ssl_scache"
-SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
-SSLSessionCacheTimeout 300
-
-# Semaphore:
-# Configure the path to the mutual exclusion semaphore the
-# SSL engine uses internally for inter-process synchronization.
-SSLMutex "file:/usr/local/apache2/logs/ssl_mutex"
-
-##
-## SSL Virtual Host Context
-##
-
-<VirtualHost _default_:443>
-
-# General setup for the virtual host
-DocumentRoot "/usr/local/apache2/htdocs"
-ServerName www.example.com:443
-ServerAdmin you@example.com
-ErrorLog "/usr/local/apache2/logs/error_log"
-TransferLog "/usr/local/apache2/logs/access_log"
-
-# SSL Engine Switch:
-# Enable/Disable SSL for this virtual host.
-SSLEngine on
-
-# Server Certificate:
-# Point SSLCertificateFile at a PEM encoded certificate. If
-# the certificate is encrypted, then you will be prompted for a
-# pass phrase. Note that a kill -HUP will prompt again. Keep
-# in mind that if you have both an RSA and a DSA certificate you
-# can configure both in parallel (to also allow the use of DSA
-# ciphers, etc.)
-# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
-# require an ECC certificate which can also be configured in
-# parallel.
-SSLCertificateFile "/usr/local/apache2/conf/server.crt"
-#SSLCertificateFile "/usr/local/apache2/conf/server-dsa.crt"
-#SSLCertificateFile "/usr/local/apache2/conf/server-ecc.crt"
-
-# Server Private Key:
-# If the key is not combined with the certificate, use this
-# directive to point at the key file. Keep in mind that if
-# you've both a RSA and a DSA private key you can configure
-# both in parallel (to also allow the use of DSA ciphers, etc.)
-# ECC keys, when in use, can also be configured in parallel
-SSLCertificateKeyFile "/usr/local/apache2/conf/server.key"
-#SSLCertificateKeyFile "/usr/local/apache2/conf/server-dsa.key"
-#SSLCertificateKeyFile "/usr/local/apache2/conf/server-ecc.key"
-
-# Server Certificate Chain:
-# Point SSLCertificateChainFile at a file containing the
-# concatenation of PEM encoded CA certificates which form the
-# certificate chain for the server certificate. Alternatively
-# the referenced file can be the same as SSLCertificateFile
-# when the CA certificates are directly appended to the server
-# certificate for convenience.
-#SSLCertificateChainFile "/usr/local/apache2/conf/server-ca.crt"
-
-# Certificate Authority (CA):
-# Set the CA certificate verification path where to find CA
-# certificates for client authentication or alternatively one
-# huge file containing all of them (file must be PEM encoded)
-# Note: Inside SSLCACertificatePath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
-#SSLCACertificatePath "/usr/local/apache2/conf/ssl.crt"
-#SSLCACertificateFile "/usr/local/apache2/conf/ssl.crt/ca-bundle.crt"
-
-# Certificate Revocation Lists (CRL):
-# Set the CA revocation path where to find CA CRLs for client
-# authentication or alternatively one huge file containing all
-# of them (file must be PEM encoded)
-# Note: Inside SSLCARevocationPath you need hash symlinks
-# to point to the certificate files. Use the provided
-# Makefile to update the hash symlinks after changes.
-#SSLCARevocationPath "/usr/local/apache2/conf/ssl.crl"
-#SSLCARevocationFile "/usr/local/apache2/conf/ssl.crl/ca-bundle.crl"
-
-# Client Authentication (Type):
-# Client certificate verification type and depth. Types are
-# none, optional, require and optional_no_ca. Depth is a
-# number which specifies how deeply to verify the certificate
-# issuer chain before deciding the certificate is not valid.
-#SSLVerifyClient require
-#SSLVerifyDepth 10
-
-# Access Control:
-# With SSLRequire you can do per-directory access control based
-# on arbitrary complex boolean expressions containing server
-# variable checks and other lookup directives. The syntax is a
-# mixture between C and Perl. See the mod_ssl documentation
-# for more details.
-#<Location />
-#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
-# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
-# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
-# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
-# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
-# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
-#</Location>
-
-# SSL Engine Options:
-# Set various options for the SSL engine.
-# o FakeBasicAuth:
-# Translate the client X.509 into a Basic Authorisation. This means that
-# the standard Auth/DBMAuth methods can be used for access control. The
-# user name is the `one line' version of the client's X.509 certificate.
-# Note that no password is obtained from the user. Every entry in the user
-# file needs this password: `xxj31ZMTZzkVA'.
-# o ExportCertData:
-# This exports two additional environment variables: SSL_CLIENT_CERT and
-# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
-# server (always existing) and the client (only existing when client
-# authentication is used). This can be used to import the certificates
-# into CGI scripts.
-# o StdEnvVars:
-# This exports the standard SSL/TLS related `SSL_*' environment variables.
-# Per default this exportation is switched off for performance reasons,
-# because the extraction step is an expensive operation and is usually
-# useless for serving static content. So one usually enables the
-# exportation for CGI and SSI requests only.
-# o StrictRequire:
-# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
-# under a "Satisfy any" situation, i.e. when it applies access is denied
-# and no other module can change it.
-# o OptRenegotiate:
-# This enables optimized SSL connection renegotiation handling when SSL
-# directives are used in per-directory context.
-#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
-<FilesMatch "\.(cgi|shtml|phtml|php)$">
- SSLOptions +StdEnvVars
-</FilesMatch>
-<Directory "/usr/local/apache2/cgi-bin">
- SSLOptions +StdEnvVars
-</Directory>
-
-# SSL Protocol Adjustments:
-# The safe and default but still SSL/TLS standard compliant shutdown
-# approach is that mod_ssl sends the close notify alert but doesn't wait for
-# the close notify alert from client. When you need a different shutdown
-# approach you can use one of the following variables:
-# o ssl-unclean-shutdown:
-# This forces an unclean shutdown when the connection is closed, i.e. no
-# SSL close notify alert is sent or allowed to be received. This violates
-# the SSL/TLS standard but is needed for some brain-dead browsers. Use
-# this when you receive I/O errors because of the standard approach where
-# mod_ssl sends the close notify alert.
-# o ssl-accurate-shutdown:
-# This forces an accurate shutdown when the connection is closed, i.e. a
-# SSL close notify alert is send and mod_ssl waits for the close notify
-# alert of the client. This is 100% SSL/TLS standard compliant, but in
-# practice often causes hanging connections with brain-dead browsers. Use
-# this only for browsers where you know that their SSL implementation
-# works correctly.
-# Notice: Most problems of broken clients are also related to the HTTP
-# keep-alive facility, so you usually additionally want to disable
-# keep-alive for those clients, too. Use variable "nokeepalive" for this.
-# Similarly, one has to force some clients to use HTTP/1.0 to workaround
-# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
-# "force-response-1.0" for this.
-BrowserMatch "MSIE [2-5]" \
- nokeepalive ssl-unclean-shutdown \
- downgrade-1.0 force-response-1.0
-
-# Per-Server Logging:
-# The home of a custom SSL log file. Use this when you want a
-# compact non-error SSL logfile on a virtual host basis.
-CustomLog "/usr/local/apache2/logs/ssl_request_log" \
- "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
-
-</VirtualHost>
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf
deleted file mode 100644
index 567bd6d..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-userdir.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# Settings for user home directories
-#
-# Required module: mod_userdir
-
-#
-# UserDir: The name of the directory that is appended onto a user's home
-# directory if a ~user request is received. Note that you must also set
-# the default access control for these directories, as in the example below.
-#
-UserDir public_html
-
-#
-# Control access to UserDir directories. The following is an example
-# for a site where these directories are restricted to read-only.
-#
-<Directory "/home/*/public_html">
- AllowOverride FileInfo AuthConfig Limit Indexes
- Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
- <Limit GET POST OPTIONS>
- Order allow,deny
- Allow from all
- </Limit>
- <LimitExcept GET POST OPTIONS>
- Order deny,allow
- Deny from all
- </LimitExcept>
-</Directory>
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf
deleted file mode 100644
index 12995e2..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/extra/httpd-vhosts.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# Virtual Hosts
-#
-# If you want to maintain multiple domains/hostnames on your
-# machine you can setup VirtualHost containers for them. Most configurations
-# use only name-based virtual hosts so the server doesn't need to worry about
-# IP addresses. This is indicated by the asterisks in the directives below.
-#
-# Please see the documentation at
-# <URL:http://httpd.apache.org/docs/2.2/vhosts/>
-# for further details before you try to setup virtual hosts.
-#
-# You may use the command line option '-S' to verify your virtual host
-# configuration.
-
-#
-# Use name-based virtual hosting.
-#
-NameVirtualHost *:80
-
-#
-# VirtualHost example:
-# Almost any Apache directive may go into a VirtualHost container.
-# The first VirtualHost section is used for all requests that do not
-# match a ServerName or ServerAlias in any <VirtualHost> block.
-#
-<VirtualHost *:8080>
- ServerAdmin webmaster@dummy-host.example.com
- DocumentRoot "/usr/local/apache2/docs/dummy-host.example.com"
- ServerName dummy-host.example.com
- ServerAlias www.dummy-host.example.com
- ErrorLog "logs/dummy-host.example.com-error_log"
- CustomLog "logs/dummy-host.example.com-access_log" common
-</VirtualHost>
-
-<VirtualHost *:8080>
- ServerAdmin webmaster@dummy-host2.example.com
- DocumentRoot "/usr/local/apache2/docs/dummy-host2.example.com"
- ServerName dummy-host2.example.com
- ErrorLog "logs/dummy-host2.example.com-error_log"
- CustomLog "logs/dummy-host2.example.com-access_log" common
-</VirtualHost>
-
-
-
diff --git a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf
deleted file mode 100644
index 8724924..0000000
--- a/setup/projects/katrin/files/etc/apache2-kaas-docker/original/httpd.conf
+++ /dev/null
@@ -1,494 +0,0 @@
-#
-# This is the main Apache HTTP server configuration file. It contains the
-# configuration directives that give the server its instructions.
-# See <URL:http://httpd.apache.org/docs/2.2> for detailed information.
-# In particular, see
-# <URL:http://httpd.apache.org/docs/2.2/mod/directives.html>
-# for a discussion of each configuration directive.
-#
-# Do NOT simply read the instructions in here without understanding
-# what they do. They're here only as hints or reminders. If you are unsure
-# consult the online docs. You have been warned.
-#
-# Configuration and logfile names: If the filenames you specify for many
-# of the server's control files begin with "/" (or "drive:/" for Win32), the
-# server will use that explicit path. If the filenames do *not* begin
-# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
-# with ServerRoot set to '/www' will be interpreted by the
-# server as '/www/log/access_log', where as '/log/access_log' will be
-# interpreted as '/log/access_log'.
-
-#
-# ServerRoot: The top of the directory tree under which the server's
-# configuration, error, and log files are kept.
-#
-# Do not add a slash at the end of the directory path. If you point
-# ServerRoot at a non-local disk, be sure to point the LockFile directive
-# at a local disk. If you wish to share the same ServerRoot for multiple
-# httpd daemons, you will need to change at least LockFile and PidFile.
-#
-ServerRoot "/usr/local/apache2"
-
-#
-# Listen: Allows you to bind Apache to specific IP addresses and/or
-# ports, instead of the default. See also the <VirtualHost>
-# directive.
-#
-# Change this to Listen on specific IP addresses as shown below to
-# prevent Apache from glomming onto all bound IP addresses.
-#
-#Listen 12.34.56.78:80
-Listen 8080
-
-#
-# Dynamic Shared Object (DSO) Support
-#
-# To be able to use the functionality of a module which was built as a DSO you
-# have to place corresponding `LoadModule' lines at this location so the
-# directives contained in it are actually available _before_ they are used.
-# Statically compiled modules (those listed by `httpd -l') do not need
-# to be loaded here.
-#
-# Example:
-# LoadModule foo_module modules/mod_foo.so
-#
-LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_dbm_module modules/mod_authn_dbm.so
-LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_dbd_module modules/mod_authn_dbd.so
-LoadModule authn_default_module modules/mod_authn_default.so
-LoadModule authn_alias_module modules/mod_authn_alias.so
-LoadModule authz_host_module modules/mod_authz_host.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
-LoadModule authz_default_module modules/mod_authz_default.so
-LoadModule auth_basic_module modules/mod_auth_basic.so
-LoadModule auth_digest_module modules/mod_auth_digest.so
-LoadModule file_cache_module modules/mod_file_cache.so
-LoadModule cache_module modules/mod_cache.so
-LoadModule disk_cache_module modules/mod_disk_cache.so
-LoadModule mem_cache_module modules/mod_mem_cache.so
-LoadModule dbd_module modules/mod_dbd.so
-LoadModule dumpio_module modules/mod_dumpio.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule include_module modules/mod_include.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule substitute_module modules/mod_substitute.so
-LoadModule charset_lite_module modules/mod_charset_lite.so
-LoadModule deflate_module modules/mod_deflate.so
-LoadModule ldap_module modules/mod_ldap.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule log_forensic_module modules/mod_log_forensic.so
-LoadModule logio_module modules/mod_logio.so
-LoadModule env_module modules/mod_env.so
-LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule cern_meta_module modules/mod_cern_meta.so
-LoadModule expires_module modules/mod_expires.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule ident_module modules/mod_ident.so
-LoadModule usertrack_module modules/mod_usertrack.so
-LoadModule unique_id_module modules/mod_unique_id.so
-LoadModule setenvif_module modules/mod_setenvif.so
-LoadModule version_module modules/mod_version.so
-LoadModule proxy_module modules/mod_proxy.so
-LoadModule proxy_connect_module modules/mod_proxy_connect.so
-LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-LoadModule ssl_module modules/mod_ssl.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule dav_module modules/mod_dav.so
-LoadModule status_module modules/mod_status.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule asis_module modules/mod_asis.so
-LoadModule info_module modules/mod_info.so
-LoadModule cgi_module modules/mod_cgi.so
-LoadModule dav_fs_module modules/mod_dav_fs.so
-LoadModule dav_lock_module modules/mod_dav_lock.so
-LoadModule vhost_alias_module modules/mod_vhost_alias.so
-LoadModule negotiation_module modules/mod_negotiation.so
-LoadModule dir_module modules/mod_dir.so
-LoadModule imagemap_module modules/mod_imagemap.so
-LoadModule actions_module modules/mod_actions.so
-LoadModule speling_module modules/mod_speling.so
-LoadModule userdir_module modules/mod_userdir.so
-LoadModule alias_module modules/mod_alias.so
-LoadModule rewrite_module modules/mod_rewrite.so
-
-<IfModule !mpm_netware_module>
-<IfModule !mpm_winnt_module>
-#
-# If you wish httpd to run as a different user or group, you must run
-# httpd as root initially and it will switch.
-#
-# User/Group: The name (or #number) of the user/group to run httpd as.
-# It is usually good practice to create a dedicated user and group for
-# running httpd, as with most system services.
-#
-User daemon
-Group daemon
-
-</IfModule>
-</IfModule>
-
-# 'Main' server configuration
-#
-# The directives in this section set up the values used by the 'main'
-# server, which responds to any requests that aren't handled by a
-# <VirtualHost> definition. These values also provide defaults for
-# any <VirtualHost> containers you may define later in the file.
-#
-# All of these directives may appear inside <VirtualHost> containers,
-# in which case these default settings will be overridden for the
-# virtual host being defined.
-#
-
-#
-# ServerAdmin: Your address, where problems with the server should be
-# e-mailed. This address appears on some server-generated pages, such
-# as error documents. e.g. admin@your-domain.com
-#
-ServerAdmin you@example.com
-
-#
-# ServerName gives the name and port that the server uses to identify itself.
-# This can often be determined automatically, but we recommend you specify
-# it explicitly to prevent problems during startup.
-#
-# If your host doesn't have a registered DNS name, enter its IP address here.
-#
-#ServerName www.example.com:80
-
-#
-# DocumentRoot: The directory out of which you will serve your
-# documents. By default, all requests are taken from this directory, but
-# symbolic links and aliases may be used to point to other locations.
-#
-DocumentRoot "/usr/local/apache2/htdocs"
-
-#
-# Each directory to which Apache has access can be configured with respect
-# to which services and features are allowed and/or disabled in that
-# directory (and its subdirectories).
-#
-# First, we configure the "default" to be a very restrictive set of
-# features.
-#
-<Directory />
- Options FollowSymLinks
- AllowOverride None
- Order deny,allow
- Deny from all
-</Directory>
-
-#
-# Note that from this point forward you must specifically allow
-# particular features to be enabled - so if something's not working as
-# you might expect, make sure that you have specifically enabled it
-# below.
-#
-
-#
-# This should be changed to whatever you set DocumentRoot to.
-#
-<Directory "/usr/local/apache2/htdocs">
- #
- # Possible values for the Options directive are "None", "All",
- # or any combination of:
- # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
- #
- # Note that "MultiViews" must be named *explicitly* --- "Options All"
- # doesn't give it to you.
- #
- # The Options directive is both complicated and important. Please see
- # http://httpd.apache.org/docs/2.2/mod/core.html#options
- # for more information.
- #
- Options Indexes FollowSymLinks
-
- #
- # AllowOverride controls what directives may be placed in .htaccess files.
- # It can be "All", "None", or any combination of the keywords:
- # Options FileInfo AuthConfig Limit
- #
- AllowOverride None
-
- #
- # Controls who can get stuff from this server.
- #
- Order allow,deny
- Allow from all
-
-</Directory>
-
-#
-# DirectoryIndex: sets the file that Apache will serve if a directory
-# is requested.
-#
-<IfModule dir_module>
- DirectoryIndex index.html
-</IfModule>
-
-#
-# The following lines prevent .htaccess and .htpasswd files from being
-# viewed by Web clients.
-#
-<FilesMatch "^\.ht">
- Order allow,deny
- Deny from all
- Satisfy All
-</FilesMatch>
-
-#
-# ErrorLog: The location of the error log file.
-# If you do not specify an ErrorLog directive within a <VirtualHost>
-# container, error messages relating to that virtual host will be
-# logged here. If you *do* define an error logfile for a <VirtualHost>
-# container, that host's errors will be logged there and not here.
-#
-ErrorLog "logs/error_log"
-
-#
-# LogLevel: Control the number of messages logged to the error_log.
-# Possible values include: debug, info, notice, warn, error, crit,
-# alert, emerg.
-#
-LogLevel warn
-
-<IfModule log_config_module>
- #
- # The following directives define some format nicknames for use with
- # a CustomLog directive (see below).
- #
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
- LogFormat "%h %l %u %t \"%r\" %>s %b" common
-
- <IfModule logio_module>
- # You need to enable mod_logio.c to use %I and %O
- LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
- </IfModule>
-
- #
- # The location and format of the access logfile (Common Logfile Format).
- # If you do not define any access logfiles within a <VirtualHost>
- # container, they will be logged here. Contrariwise, if you *do*
- # define per-<VirtualHost> access logfiles, transactions will be
- # logged therein and *not* in this file.
- #
- CustomLog "logs/access_log" common
-
- #
- # If you prefer a logfile with access, agent, and referer information
- # (Combined Logfile Format) you can use the following directive.
- #
- #CustomLog "logs/access_log" combined
-</IfModule>
-
-<IfModule alias_module>
- #
- # Redirect: Allows you to tell clients about documents that used to
- # exist in your server's namespace, but do not anymore. The client
- # will make a new request for the document at its new location.
- # Example:
- # Redirect permanent /foo http://www.example.com/bar
-
- #
- # Alias: Maps web paths into filesystem paths and is used to
- # access content that does not live under the DocumentRoot.
- # Example:
- # Alias /webpath /full/filesystem/path
- #
- # If you include a trailing / on /webpath then the server will
- # require it to be present in the URL. You will also likely
- # need to provide a <Directory> section to allow access to
- # the filesystem path.
-
- #
- # ScriptAlias: This controls which directories contain server scripts.
- # ScriptAliases are essentially the same as Aliases, except that
- # documents in the target directory are treated as applications and
- # run by the server when requested rather than as documents sent to the
- # client. The same rules about trailing "/" apply to ScriptAlias
- # directives as to Alias.
- #
- ScriptAlias /cgi-bin/ "/usr/local/apache2/cgi-bin/"
-
-</IfModule>
-
-<IfModule cgid_module>
- #
- # ScriptSock: On threaded servers, designate the path to the UNIX
- # socket used to communicate with the CGI daemon of mod_cgid.
- #
- #Scriptsock logs/cgisock
-</IfModule>
-
-#
-# "/usr/local/apache2/cgi-bin" should be changed to whatever your ScriptAliased
-# CGI directory exists, if you have that configured.
-#
-<Directory "/usr/local/apache2/cgi-bin">
- AllowOverride None
- Options None
- Order allow,deny
- Allow from all
-</Directory>
-
-#
-# DefaultType: the default MIME type the server will use for a document
-# if it cannot otherwise determine one, such as from filename extensions.
-# If your server contains mostly text or HTML documents, "text/plain" is
-# a good value. If most of your content is binary, such as applications
-# or images, you may want to use "application/octet-stream" instead to
-# keep browsers from trying to display binary files as though they are
-# text.
-#
-DefaultType text/plain
-
-<IfModule headers_module>
- #
- # Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
- # backend servers which have lingering "httpoxy" defects.
- # 'Proxy' request header is undefined by the IETF, not listed by IANA
- #
- RequestHeader unset Proxy early
-</IfModule>
-
-<IfModule mime_module>
- #
- # TypesConfig points to the file containing the list of mappings from
- # filename extension to MIME-type.
- #
- TypesConfig conf/mime.types
-
- #
- # AddType allows you to add to or override the MIME configuration
- # file specified in TypesConfig for specific file types.
- #
- #AddType application/x-gzip .tgz
- #
- # AddEncoding allows you to have certain browsers uncompress
- # information on the fly. Note: Not all browsers support this.
- #
- #AddEncoding x-compress .Z
- #AddEncoding x-gzip .gz .tgz
- #
- # If the AddEncoding directives above are commented-out, then you
- # probably should define those extensions to indicate media types:
- #
- AddType application/x-compress .Z
- AddType application/x-gzip .gz .tgz
-
- #
- # AddHandler allows you to map certain file extensions to "handlers":
- # actions unrelated to filetype. These can be either built into the server
- # or added with the Action directive (see below)
- #
- # To use CGI scripts outside of ScriptAliased directories:
- # (You will also need to add "ExecCGI" to the "Options" directive.)
- #
- #AddHandler cgi-script .cgi
-
- # For type maps (negotiated resources):
- #AddHandler type-map var
-
- #
- # Filters allow you to process content before it is sent to the client.
- #
- # To parse .shtml files for server-side includes (SSI):
- # (You will also need to add "Includes" to the "Options" directive.)
- #
- #AddType text/html .shtml
- #AddOutputFilter INCLUDES .shtml
-</IfModule>
-
-#
-# The mod_mime_magic module allows the server to use various hints from the
-# contents of the file itself to determine its type. The MIMEMagicFile
-# directive tells the module where the hint definitions are located.
-#
-#MIMEMagicFile conf/magic
-
-#
-# Customizable error responses come in three flavors:
-# 1) plain text 2) local redirects 3) external redirects
-#
-# Some examples:
-#ErrorDocument 500 "The server made a boo boo."
-#ErrorDocument 404 /missing.html
-#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
-#ErrorDocument 402 http://www.example.com/subscription_info.html
-#
-
-#
-# MaxRanges: Maximum number of Ranges in a request before
-# returning the entire resource, or one of the special
-# values 'default', 'none' or 'unlimited'.
-# Default setting is to accept 200 Ranges.
-#MaxRanges unlimited
-
-#
-# EnableMMAP and EnableSendfile: On systems that support it,
-# memory-mapping or the sendfile syscall is used to deliver
-# files. This usually improves server performance, but must
-# be turned off when serving from networked-mounted
-# filesystems or if support for these functions is otherwise
-# broken on your system.
-#
-#EnableMMAP off
-#EnableSendfile off
-
-# Supplemental configuration
-#
-# The configuration files in the conf/extra/ directory can be
-# included to add extra features or to modify the default configuration of
-# the server, or you may simply copy their contents here and change as
-# necessary.
-
-# Server-pool management (MPM specific)
-#Include conf/extra/httpd-mpm.conf
-
-# Multi-language error messages
-#Include conf/extra/httpd-multilang-errordoc.conf
-
-# Fancy directory listings
-#Include conf/extra/httpd-autoindex.conf
-
-# Language settings
-#Include conf/extra/httpd-languages.conf
-
-# User home directories
-#Include conf/extra/httpd-userdir.conf
-
-# Real-time info on requests and configuration
-#Include conf/extra/httpd-info.conf
-
-# Virtual hosts
-#Include conf/extra/httpd-vhosts.conf
-
-# Local access to the Apache HTTP Server Manual
-#Include conf/extra/httpd-manual.conf
-
-# Distributed authoring and versioning (WebDAV)
-#Include conf/extra/httpd-dav.conf
-
-# Various default settings
-#Include conf/extra/httpd-default.conf
-
-# Secure (SSL/TLS) connections
-#Include conf/extra/httpd-ssl.conf
-#
-# Note: The following must must be present to support
-# starting without SSL on platforms with no /dev/random equivalent
-# but a statically compiled-in mod_ssl.
-#
-<IfModule ssl_module>
-SSLRandomSeed startup builtin
-SSLRandomSeed connect builtin
-</IfModule>
diff --git a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl
deleted file mode 100644
index d155267..0000000
--- a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl
+++ /dev/null
@@ -1,43 +0,0 @@
----
-allowHostDirVolumePlugin: false
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegedContainer: false
-allowedCapabilities: null
-apiVersion: v1
-defaultAddCapabilities: null
-fsGroup:
- type: MustRunAs
-groups:
-- system:authenticated
-kind: SecurityContextConstraints
-metadata:
- annotations:
- kubernetes.io/description: restricted denies access to all host features and requires
- pods to be run with a UID, and SELinux context that are allocated to the namespace. This
- is the most restrictive SCC.
- creationTimestamp: null
- name: katrin-restricted
-priority: null
-readOnlyRootFilesystem: false
-requiredDropCapabilities:
-- KILL
-- MKNOD
-- SYS_CHROOT
-- SETUID
-- SETGID
-runAsUser:
- type: MustRunAsRange
-seLinuxContext:
- type: MustRunAs
-supplementalGroups:
- type: RunAsAny
-volumes:
-- glusterfs
-- configMap
-- downwardAPI
-- emptyDir
-- persistentVolumeClaim
-- secret
diff --git a/setup/projects/katrin/templates/40-kaas-manager.yml.j2 b/setup/projects/katrin/templates/40-kaas-manager.yml.j2
new file mode 120000
index 0000000..b7233ad
--- /dev/null
+++ b/setup/projects/katrin/templates/40-kaas-manager.yml.j2
@@ -0,0 +1 @@
+../../kaas/templates/40-kaas-manager.yml.j2 \ No newline at end of file
diff --git a/setup/projects/katrin/templates/katrin.yml.j2.bk b/setup/projects/katrin/templates/katrin.yml.j2.bk
deleted file mode 100644
index 5d032b3..0000000
--- a/setup/projects/katrin/templates/katrin.yml.j2.bk
+++ /dev/null
@@ -1,135 +0,0 @@
----
-apiVersion: v1
-kind: Template
-metadata:
- name: kaas
- annotations:
- descriptions: "KATRIN Routing Service"
-objects:
- - apiVersion: v1
- kind: Service
- metadata:
- name: kaas
- spec:
- selector:
- name: kaas
- ports:
- - name: http
- port: 80
- targetPort: 8080
- - name: https
- port: 443
- targetPort: 8443
- - apiVersion: v1
- kind: Route
- metadata:
- name: kaas
- spec:
- host: {{ kaas_project_config.katrin_node }}
- to:
- kind: Service
- name: kaas
- port:
- targetPort: http
- tls:
- termination: edge
- insecureEdgeTerminationPolicy: Allow
- certificate: |-
- -----BEGIN CERTIFICATE-----
- MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
- BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK
- DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN
- MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG
- A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD
- VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B
- AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I
- ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU
- GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n
- qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH
- DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3
- 060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV
- HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu
- cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL
- ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x
- G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs
- WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6
- /ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE
- qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp
- j5rXZ3Oda5tHYrnPsA==
- -----END CERTIFICATE-----
- key: |-
- -----BEGIN PRIVATE KEY-----
- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIn36cpuErgBpX
- JUf+OYDE8UL+jayF6OYUv2MgTgivKt2eKt6nFyC93bFylNh45vlMwooW0map5beM
- 84HeMATIvO+7LVpjB38M3HgD1VQY7ayF2qM8xoE6TgqOyNme37y2hYl4AFiwnicB
- OlszSKORfpGpChFuiJopaW+jXSeox8aZCMxH6ULm6EXmFaEfAP6o+KAQUZiKzvd2
- AUOHJ1+XinM9cHJK/iEzjMe8cccM7RCKkYjHCYyvDhT/Liyc3WEMI8UMk3dZ6Eri
- W3u0PwRrVXCKQIuHZ5n6/3gFALfTrSEcgLiUSG1NoOw1esYjDOpU/1M+45UQ6AQC
- PHI3XYPTAgMBAAECggEAFFXubIyR2Gn0wY6a3I8RmWTnKIxNx4kTAVlg/95JDRBo
- RGcOCJvUispU+UtTIfYvoPM7MhMDqwcI8vWf3Vi6s2pLVorDVbRl0XTriV/vVVOK
- IEtILpnkcXeFpHGBdZQyOcIRbCOE2eo+A+bZZbpgMhhFRYAqwiyAi+APG90ObxIb
- AqTEeTyztqyrKfnTdr50owL2KT7adS6XuSUNX681IJc+szbQ7piXN57Kdxd2PydM
- JnSZAOBpQHkbiOEDUseeDjYRT23loeMIS7nWTwo1Y1LwsEKL5S7C0fKBfZV9xARw
- TntGuM87HzbAk4535We8qW3t/5EqpzurgK7u9/PEEQKBgQDjy8CjDdobGK9+VUDg
- iHbANbzEB4LrpVJiE+esr0iLXOoMdfTPwpd4XpbPPOjx/A9+6VfpdGt1EdZwLMpy
- qryPW0iumsri3iPSVBS79mN6WmwYhNOcOTWlmbs4pEhubht9aNBi7rZ7QZgV3PLN
- 7YBZHzxfyxTcIBCAzzoF7zaUeQKBgQDhdneOijWAYx0AMKTBzJw52KO/gloTDl9M
- mOhvUIuYxkUE/mDE5EqI6k9VkbAqUvlD3z2S7yNY+h2hldO+u3w8GPo+bTCMyNDB
- 0tQGCZnbKl8mfmItUlTyJ/MmNbanmYI2VmhDTMh6S8d8qKW9txXfDEXrzY2p7z/X
- gRF3Ow9PqwKBgGw7CMHv+Ora5bbehr6n19QnNBLnhrqzh9r1niOb/JnKgaF+Ad0c
- lZ8pQfog9ITUwAAKmixflha/bOVLQr0Mhh6Ovo/HGBKGfPqX3GoZ/NXLVISpx2j4
- fZa63gthctCVHBaP0ELRLH6PgdURb4OMDmlJwAO7l6Om0HCDBQyAxavxAoGAZPUJ
- QBh/MIgxGj6t5+HZKsXpPP3/m3zaC5CEtCOa/sP5b+0AI+odvgU9lRFxkuIon828
- 4qiWaWdGEW7nrAaD8N02YPG/xaq+X6wqKLHv5QWqKbB6AdVWGEDvTfLLYW0Js48p
- jMk7FBgOsbFK1hK/hmsWfCpE/w0Ux0kSKxOVHZUCgYEA41rhW18+KdxJyQTZaQRV
- 0KQr8/30L116XYYTYrkILa6504nXMr7xSHuMxaPNl20b/sBz8a8VuKJt2CLZQ0Q3
- oW3GAG2Fk+mvrauLriiJ2KgZkS5IJweJKHbIk1GQrucNArNojk9unrqN8wpa3Ywo
- 9GafqnfUGu+FVd1CKolicSA=
- -----END PRIVATE KEY-----
- - apiVersion: v1
- kind: DeploymentConfig
- metadata:
- name: kaas
- spec:
- replicas: 1
- selector:
- name: kaas
- template:
- metadata:
- name: kaas
- labels:
- name: kaas
- strategy:
- type: Rolling
- triggers:
- - type: ConfigChange
- spec:
- nodeSelector:
- master: "1"
- containers:
- - name: kaas
- image: centos/httpd-24-centos7
- imagePullPolicy: Always
- ports:
- - containerPort: 8080
- - containerPort: 8443
- volumeMounts:
- - name: config
- subPath: etc/apache2-kaas
- mountPath: /etc/httpd
- - name: config
- subPath: log/apache2-kaas
- mountPath: /var/log/httpd24
- - name: config
- subPath: htdocs/kaas
- mountPath: /opt/rh/httpd24/root/var/www/html
- livenessProbe:
- timeoutSeconds: 1
- initialDelaySeconds: 3
- httpGet:
- path: /index.html
- port: 8080
- volumes:
- - name: config
- persistentVolumeClaim:
- claimName: openshift
diff --git a/setup/projects/katrin/vars/katrin.yml b/setup/projects/katrin/vars/katrin.yml
deleted file mode 100644
index c825654..0000000
--- a/setup/projects/katrin/vars/katrin.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-#katrin_openshift_volumes:
-#adei_openshift_volumes:
-
-#volumes: "{{ ands_openshift_volumes | combine (katrin_openshift_volumes, adei_openshift_volumes) }}"
-#files: "{{ ands_openshift_files | union([]) }}"
-#file_owner: katrin
-#file_group: katrin \ No newline at end of file
diff --git a/setup/projects/katrin/vars/pods.yml b/setup/projects/katrin/vars/pods.yml
deleted file mode 100644
index 1334242..0000000
--- a/setup/projects/katrin/vars/pods.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-# First port is exposed
-
-pods:
- kaas:
- variant: "{{ ands_prefer_docker | default(false) | ternary('docker', 'centos') }}"
- centos:
- service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] }
- sched: { replicas: 1, selector: { master: 1 } }
- selector: { master: 1 }
- images:
- - image: "centos/httpd-24-centos7"
- mappings:
- - { name: "etc", path: "apache2-kaas-centos", mount: "/etc/httpd" }
- - { name: "www", path: "kaas", mount: "/opt/rh/httpd24/root/var/www/html" }
- - { name: "log", path: "apache2-kaas", mount: "/var/log/httpd24" }
- probes:
- - { port: 8080, path: '/index.html' }
- docker:
- service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] }
- sched: { replicas: 1, selector: { master: 1 } }
- selector: { master: 1 }
- images:
- - image: "httpd:2.2"
- mappings:
- - { name: "etc", path: "apache2-kaas-docker", mount: "/usr/local/apache2/conf" }
- - { name: "www", path: "kaas", mount: "/usr/local/apache2/htdocs" }
- - { name: "log", path: "apache2-kaas", mount: "/usr/local/apache2/logs" }
- probes:
- - { port: 8080, path: '/index.html' }
-
-#pods:
-# kaas: "{{ kaas_project_config.pod_variants[ ands_prefer_docker | default(false) | ternary(1, 0) ] }}"
-
-
-
-#oc:
-# - template: "[0-3]*"
-# - template: "[4-6]*"
-# - resource: "route/apache"
-# oc: "expose svc/kaas --name apache --hostname=apache.{{ openshift_master_default_subdomain }}"
-# - template: "*"
- \ No newline at end of file
diff --git a/setup/projects/katrin/vars/volumes.yml b/setup/projects/katrin/vars/volumes.yml
new file mode 100644
index 0000000..ca22a28
--- /dev/null
+++ b/setup/projects/katrin/vars/volumes.yml
@@ -0,0 +1,11 @@
+gids:
+ katrin: { id: 5000 }
+
+extra_volumes:
+ katrin: { volume: "katrin_data", path: "/", capacity: "40Ti", write: true }
+
+files:
+ - { osv: "katrin", path: "/", state: "directory", group: "katrin", mode: "0775" }
+
+#resync: true
+#sync_set_gid: katrin