|
Size: 356
Comment: working!!
|
Size: 1912
Comment: try some puppet highlighting
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 19: | Line 19: |
== thinking about apache == Our puppet management of apache is still a mess, so we'll do it manually. What do we want to take care of? * install `apache2-mpm-itk` * a couple of timeout tweaks to `apache2.conf` * `ports.conf` (listen only on 202.4.224.31, ''not'' ssl, etc.) * aka. biribiri.meidokon.net * `a2enmod ssl` * fix `ports.conf` again for SSL, no generic Listens * conf.d/priv.conf {{{ SetEnvIf Remote_Addr ^202\.4\.235\.109$ priv-group }}} * install `libapache2-mod-php5` * start the service * stub out `/var/www/html/monitor` for the default site * fix up an index.html * edit `mods-enabled/status.conf` to get a usable `/server-status` * fix up an `info.php` * install `libapache2-mod-wsgi` * `AssignUserId [username] [groupname]` for itk * nice logging * log to homedirs, `~/logs/apache/{access,error}.log` * fix up logrotate fragment, `apache2-vhost-logs` == Some puppet manifest == {{{#!highlight puppet node "misaka.anchor.net.au" { $supportlevel = complete networking::interface { "eth0": ipaddress => "202.4.224.29/25", gateway => "top"; "eth0:00": ipaddress => "202.4.224.30/25", comment => "nginx"; "eth0:01": ipaddress => "202.4.224.31/25", comment => "apache"; "eth0:02": ipaddress => "202.4.224.48/25", comment => "qqc.meidokon.net"; "eth1": ipaddress => "172.22.71.103/16"; } }}} |
misaka
- debian squeeze x64
- puppet managed
local work
mount /home with acls
/etc/skel
.bashrc
# Timestamped shell FTW export HISTTIMEFORMAT='%Y-%m-%d %H:%M:%S '
.screenrc
.vimrc
add self to .ssh/authorized_keys
mkdir -m 0701 public_html
thinking about apache
Our puppet management of apache is still a mess, so we'll do it manually. What do we want to take care of?
install apache2-mpm-itk
a couple of timeout tweaks to apache2.conf
ports.conf (listen only on 202.4.224.31, not ssl, etc.)
- aka. biribiri.meidokon.net
a2enmod ssl
fix ports.conf again for SSL, no generic Listens
conf.d/priv.conf
SetEnvIf Remote_Addr ^202\.4\.235\.109$ priv-group
install libapache2-mod-php5
- start the service
stub out /var/www/html/monitor for the default site
- fix up an index.html
edit mods-enabled/status.conf to get a usable /server-status
fix up an info.php
install libapache2-mod-wsgi
AssignUserId [username] [groupname] for itk
- nice logging
log to homedirs, ~/logs/apache/{access,error}.log
fix up logrotate fragment, apache2-vhost-logs
Some puppet manifest
1 node "misaka.anchor.net.au" {
2 $supportlevel = complete
3
4 networking::interface {
5 "eth0":
6 ipaddress => "202.4.224.29/25",
7 gateway => "top";
8 "eth0:00":
9 ipaddress => "202.4.224.30/25",
10 comment => "nginx";
11 "eth0:01":
12 ipaddress => "202.4.224.31/25",
13 comment => "apache";
14 "eth0:02":
15 ipaddress => "202.4.224.48/25",
16 comment => "qqc.meidokon.net";
17 "eth1":
18 ipaddress => "172.22.71.103/16";
19 }