---

# Connection defaults: Ansible logs in over SSH as `monitor` with the key
# below and, by default, escalates every task to root through sudo.
# NOTE(review): `ansible_ssh_user` is the legacy spelling of `ansible_user`;
# confirm the Ansible version in use still honours it.
ansible_ssh_user: monitor
ansible_become_user: root
ansible_become: true
ansible_become_method: sudo
# Private key on the control node. Combined with the passwordless-sudo group
# defined for `monitor` further down, this key is equivalent to root on every
# managed host. NOTE(review): presumably mode 0600 and owned by the account
# that runs Ansible — verify, and keep the key out of version control.
ansible_ssh_private_key_file: /etc/ansible/key/cme_ansible.key

# Administrative group and accounts (the `rom_*` variables), kept separate from
# the per-client users and groups defined later in this file.
rom_group: rom-admin

# Accounts to create. `monitor` is the same account Ansible connects as
# (see ansible_ssh_user).
rom_users:
  monitor:
    # `password` is a placeholder, not a crypt(3) hash.
    # NOTE(review): presumably the role hands this to the user module's
    # `password` argument, which expects an already-hashed value. Supply a
    # real hash from Ansible Vault, or a locked marker such as '!' when the
    # account should be key-only — confirm against the role.
    password_hash: password
    groups: "{{ rom_group }}"
    # Public half of the SSH key pair; safe to keep in the repository.
    public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWEoKAv7ZN7O6gXqnvEs+BHZbpSmd8fhVlN9BHnrl82Psc4Zh71tttnf242BBaUFKNXSJWOH0yYW5LZ9x0BJM0uwGK7HHbVfAVjJ2jm79ITEpg5AVEnsp7q5CAoQfz3i4f7gzY+twDtPv99GmCWrTj7TOxmQFw8r5U7taMsjjKTRICAvX3s8ya0zcRjZ6gtuv5Pjv2H2Wt6GZVAFfk90XjduQg85bANnjxNUIWkzhhVisfO2iIiV63RpTBXjDJqO5j2fGD0fLdQdZ+jRbUL8d4z3W8P7/VMsWnte+TqPQI8UhkfMKraovZJnMuqHejC/JX2/o+L9CiH7Lx7GrHsB51 monitor

# Accounts to delete from managed hosts (offboarding list).
rom_remove_users:
  - suppal

# Groups to create, keyed by group name.
# NOTE(review): the key is a Jinja expression. Ansible does not template
# mapping keys when it loads variables, so whether this resolves to
# `rom-admin` depends on how the role consumes the key — confirm.
rom_user_groups:
  "{{ rom_group }}":
    gid: 2450

# Sudoers entries, keyed by group name. "NOPASSWD: ALL" lets every member run
# any command as root without re-authenticating, so membership of this group
# (and possession of a member's SSH key) is equivalent to root.
rom_sudo_groups:
  "{{ rom_group }}":
    sudo_mode: "NOPASSWD: ALL"



##########################################
# Client - Configuration
##########################################

# Per-client identifiers. The values below are placeholders to be overridden
# for each deployment.
client: client-name
# NOTE(review): placeholder only — an underscore is not valid in a DNS
# hostname label, so replace this with the real site domain.
client_domain: www.client_site.com
# Name of the client's admin group; reused as the key of user_groups and
# sudo_groups below.
client_user_group: "{{ client }}-admin"

##########################################
# Client Users - Configuration
##########################################

# Example client user, left commented out. When enabling it, replace the
# `password` placeholder with a real password hash (or a locked marker) taken
# from Ansible Vault rather than committing it here.
#users:
#  bipin:
#    password_hash: password
#    groups: "{{ client_user_group }}"
#    public_key: ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAq92Md6XGZn/2s6c2xsEOk14MxYCq3qghWy8mZi+nZsAzl62TrFlbMtxpPbXSZRcJP/FD0a+DrYfINLLu0nl3fhf8wfL1PgM/DZish7cS3UUK7LarIrkL7JYHd8av1FnkYdWGwFmfUvz7HhnIE2dSmYAFHf7yFl7Eyo4/toxDjXn1OX3ghwNUMxlIXpybTuqmz00z7qkqOoRKgOdacScKzZO06tlzBhVQI/wZFJNOKFGQZ0QxDQ3SV75C2kkLMsfv+Vxh0o5WNV1iTt9kW3lKhhcNqUDzRPp59hmPxkXmZ5GwnAG0BGp6o6AuU2aGl9n8kWc2KEbxMP/Z8be68Du/1w== bipin

# Client accounts to delete from managed hosts (offboarding list).
remove_users:
  - firedclientUser

# Client groups to create, keyed by group name.
# NOTE(review): the key is a Jinja expression; Ansible does not template
# mapping keys at load time, so confirm the role resolves it.
user_groups:
  "{{ client_user_group }}":
    gid: 2625

# Sudoers entries for client groups. "NOPASSWD: ALL" gives every member of the
# client admin group unrestricted root without a password prompt.
# NOTE(review): consider limiting this to the commands the client actually
# needs (for example the AEM and httpd service controls).
sudo_groups:
  "{{ client_user_group }}":
    sudo_mode: "NOPASSWD: ALL"

##########################################
# Java - Configuration
##########################################

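# JDK release to install, as major version plus update number (8u171).
# NOTE(review): this is a dated update level — confirm it still meets the
# patch baseline for internet-facing hosts.
java_version: 8
java_subversion: 171
# Directory the tarball is downloaded to before unpacking.
# NOTE(review): /tmp is world-writable; a directory only root can write to
# avoids another local user tampering with the archive before it is unpacked.
java_download_path: /tmp
java_remove_download: true
java_set_javahome: true
install_java: true
java_install_dir: /data/apps/java
java_default_link_name: default
java_home: "{{ java_install_dir }}/{{ java_default_link_name }}"
jdk_version: "1.{{ java_version }}.0_{{ java_subversion }}"
jdk_tarball_file: "jdk-{{ java_version }}u{{ java_subversion }}-linux-x64"
# Fetched over HTTPS, matching aem_download_link on the same host; the tarball
# is unpacked and run as root, so it must not travel over plain HTTP.
# NOTE(review): no checksum for the tarball is defined in this file — pin a
# SHA-256 and have the role verify it after download.
jdk_tarball_url: "https://download.3sharecorp.com/jdk/{{ jdk_tarball_file }}.tar.gz"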

##########################################
# System - Configuration
##########################################

# Presumably tells the system role to leave SELinux disabled — confirm against
# the role. With SELinux off there is no mandatory access control confining
# httpd or the AEM JVM, which matters more here because AEM runs as root by
# default (aem_process_user). Permissive mode plus a tuned policy is the usual
# step towards enforcing.
selinuxEnabled: false


##########################################
# AEM - Configuration
##########################################

# OS account and group the AEM process runs as.
# NOTE(review): the default is root, so any code execution inside the AEM JVM
# is root on the host. AEM's default ports (4502/4503) are unprivileged, so a
# dedicated service account should be sufficient — confirm nothing in the
# roles depends on root, then override these two values.
aem_process_user: root
aem_process_group: root
# NOTE(review): AEM 6.4 is an older release line; confirm it still receives
# security fixes for this deployment.
aem_version: "6.4"
aem_jar: AEM_{{ aem_version }}_Quickstart.jar
# Quickstart jar is fetched over HTTPS. No checksum is defined in this file;
# NOTE(review): verifying a pinned hash after download would be worthwhile.
aem_download_link: https://download.3sharecorp.com/aem/{{ aem_jar }}
aem_license_username: "{{ client }}"
# Placeholder. The real serial presumably comes from a per-client override;
# keep it in Ansible Vault rather than in this file.
aem_license_serial: "empty"

# AEM options (default)
# Feature switches for the AEM role; each one presumably gates a group of tasks.
install_aem: true
force_reinstall_aem: false
create_aem_datastore: false
update_aem_start_scripts: false
update_aem_config_override: false
enable_aem_autostart: true
install_compaction_tools: false
install_aem_tools: true

# Filesystem layout. aem_home depends on aem_mode, which is defined further
# down in this file (Ansible resolves variables lazily, so the order is fine).
aem_root_dir: /data/apps/aem
aem_tmp_dir: "{{ aem_root_dir }}/tmp"
aem_home: "{{ aem_root_dir }}/{{ aem_mode }}"
# NOTE(review): with the default aem_process_user this resolves to
# /home/root/tools, which is not root's usual home directory — confirm.
aem_tools_home: "/home/{{ aem_process_user }}/tools"
aem_install_dir: "{{ aem_home }}/crx-quickstart/install"
aem_datastore_relative_path: crx-quickstart/repository/datastore
aem_datastore_path: "{{ aem_home }}/{{ aem_datastore_relative_path }}"
# NOTE(review): hard-coded under /home/aem regardless of aem_process_user;
# if that directory is writable by a less-privileged account while AEM runs
# as root, the lock file location deserves a second look.
aem_lock_file: /home/aem/aem.process.lock
aem_config_override_file: /etc/sysconfig/aem.{{ aem_mode }}.conf

# Environment name; also used as an AEM run mode below.
env: "prod"

# Presumably controls whether the sample content is installed; leaving it off
# keeps the demo sites and their components out of a production instance.
aem_sample_content: false
# Run modes passed to AEM: the instance role (author/publish) and the environment.
aem_run_modes:
  - "{{ aem_mode }}"
  - "{{ env }}"
aem_memory_size: 2g
# JVM arguments for the AEM process. Some entries carry several flags in one
# list item, so the role presumably joins the list with spaces.
aem_jvm_params:
  - "-server"
  - "-Xmx{{ aem_memory_size }}"
  - "-Djava.awt.headless=true"
  - "-XX:NewRatio=1"
  - "-XX:+UseParallelGC -XX:+UseParallelOldGC -XX:ParallelGCThreads=4"
  # Heap dumps hold whatever was in memory (session data, credentials, content).
  # NOTE(review): make sure this directory is readable only by the AEM account
  # and that dumps are removed after analysis. The path is hard-coded here and
  # on the next line instead of using aem_tmp_dir, so it will not follow a
  # change to aem_root_dir.
  - "-XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/data/apps/aem/tmp"
  - "-Djava.io.tmpdir=/data/apps/aem/tmp"
  # Oak/Jackrabbit limits. The query limits cap how much a single query may
  # read or hold in memory, which bounds the cost of an expensive query.
  - "-Djackrabbit.maxQueuedEvents=1000000"
  - "-Doak.queryLimitInMemory=500000"
  - "-Doak.queryLimitReads=100000"
  - "-Dupdate.limit=250000"
  - "-Doak.fastQuerySize=true"



# Author mode (default)
# aem_mode selects the instance type and feeds aem_home, aem_run_modes and
# aem_config_override_file elsewhere in this file.
aem_start_command: aemAuthor
aem_mode: author
aem_port: 4502
# NOTE(review): an author instance is an editing environment; if Apache is put
# in front of it, confirm the vhost is not reachable from the public internet.
install_local_author_apache: true

# Publish mode
# Separate variable names for a publish instance; the publish port matches
# dispatcher_render_port in the dispatcher farm defined later in this file.
aem_publish_start_command: aemPublish
aem_publish_mode: publish
aem_publish_port: 4503
install_local_publish_apache: false


##########################################
# Apache - Configuration
##########################################

# Packages to install for the web tier: Apache httpd plus its TLS module.
apache_packages:
  - httpd
  - mod_ssl

# Packages to remove. PHP is not needed in front of AEM, so taking it out
# removes an unused script interpreter from the web server.
apache_packages_removed:
  - mod_php
  - php-common

# Unprivileged account and group for httpd.
apache_user: apache
apache_group: apache

# Directory names under apache_root; combined into full paths below.
apache_root: /etc/httpd
apache_vhost_dir_name: vhosts
apache_confd_dir_name: conf.d
apache_conf_dir_name: conf
apache_ssl_dir_name: ssl
apache_module_dir_name: modules
apache_rewrites_dir_name: rewrites
apache_conf_modules_d_dir_name: conf.modules.d

# Data locations (document roots and logs) and the derived configuration paths.
# docroot_base_dir holds the dispatcher cache (see dispatcher_farm_docroot).
http_data_dir: /data/apps/www
docroot_base_dir: "{{ http_data_dir }}/htdocs"
logs_base_dir: "{{ http_data_dir }}/logs"
httpd_modules_dir: "{{ apache_root }}/{{ apache_module_dir_name }}"
httpd_vhosts_dir: "{{ apache_root }}/{{ apache_vhost_dir_name }}"
httpd_rewrites_dir: "{{ apache_root }}/{{ apache_rewrites_dir_name }}"
# Holds the TLS certificate and private key listed in ssl_files.
# NOTE(review): confirm the role creates it root-owned and not world-readable.
httpd_ssl_dir: "{{ apache_root }}/{{ apache_ssl_dir_name }}"
httpd_confd_dir: "{{ apache_root }}/{{ apache_confd_dir_name }}"
httpd_conf_dir: "{{ apache_root }}/{{ apache_conf_dir_name }}"
httpd_conf_modules_d_dir: "{{ apache_root }}/{{ apache_conf_modules_d_dir_name }}"

# Feature switches for the Apache role.
installPageSpeed: false
install_local_apache: false
# NOTE(review): presumably replaces the existing httpd configuration with the
# role's files on every run, discarding manual changes made on the host — confirm.
reset_apache_config: true

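# Mod_Security Configuration
# The web application firewall is off by default; enable it per environment.
installModSecurity: false
apache_mod_sec_dir_name: modsecurity.d
# Built from apache_mod_sec_dir_name, following the pattern of the other
# httpd_*_dir variables in this file. The earlier value reused
# apache_conf_modules_d_dir_name, which made this path identical to
# httpd_conf_modules_d_dir and left apache_mod_sec_dir_name unused here.
# NOTE(review): confirm the mod_security role expects its rules in this directory.
httpd_mod_sec_dir: "{{ apache_root }}/{{ apache_mod_sec_dir_name }}"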

# Dispatcher module binaries shipped by the role, one per Apache major line.
# NOTE(review): both are pinned to Dispatcher 4.2.2 — check Adobe's release
# notes for a newer version before deploying, since the dispatcher is the
# component that enforces the request filters defined below.
apache_modules:
  - dispatcher-apache2.2-4.2.2.so
  - dispatcher-apache2.4-4.2.2.so

# Default Linked IP Publisher IP
# Both default to loopback, i.e. AEM and Apache on the same host.
# linked_publisher_ip is used as the render hostname of the dispatcher farm.
# When it is overridden to a remote host, review dispatcher_render_secure and
# dispatcher_farm_allowedClients as well: the farm below talks plain HTTP to
# the renderer and accepts cache-invalidation requests from 127.0.0.1 only.
linked_publisher_ip: "127.0.0.1"
linked_author_ip: "127.0.0.1"

# Settings for the Apache-side dispatcher.conf; the role presumably maps each
# key onto the matching Dispatcher* directive — confirm against the template.
dispatcher_conf:
  - dispatcher_conf_name: dispatcher.conf
    dispatcher_any_location: conf.d/dispatcher.any
    dispatcher_log_dir: "{{ logs_base_dir }}"
    dispatcher_log_name: dispatcher
    dispatcher_log_level: 3
    # "On" is quoted so YAML keeps it as a string instead of turning it into
    # the boolean true, which would not render as a valid directive value.
    dispatcher_decline_root: "On"
    dispatcher_use_processed_url: "On"
    # NOTE(review): presumably DispatcherPassError, which lets Apache's own
    # ErrorDocument handling serve error pages instead of the backend's.
    dispatcher_pass_error: 1
    dispatcher_keep_alive_timeout: 0

# Farm definition rendered into dispatcher.any. One farm, `publish`, fronting
# the publish instance at linked_publisher_ip:4503.
dispatcher_any:
  - dispatcher_farm_name: publish
    # NOTE(review): "*" forwards every request header to the renderer.
    # An explicit list of the headers AEM needs is the tighter setting.
    dispatcher_farm_clientheaders:
      - "*"
    # "*" makes this farm answer for any Host header.
    dispatcher_farm_virtualhosts:
      - "*"
    dispatcher_farm_renders:
      - dispatcher_render_name: rend01
        dispatcher_render_hostname: "{{ linked_publisher_ip }}"
        dispatcher_render_port: 4503
        dispatcher_render_timeout: 0
        # 0 = plain HTTP to the renderer. Acceptable on loopback (the default
        # linked_publisher_ip); revisit if the publisher moves to another host.
        dispatcher_render_secure: 0
    # Request filter. Entries starting with '#' are list items too and are
    # presumably emitted as comments in dispatcher.any. The list starts with a
    # deny-all and then opens paths; when several rules match a request the
    # later one applies, so the order of this list is significant.
    # NOTE(review): most rules use /glob, which Adobe's Dispatcher
    # documentation discourages in /filter in favour of /method, /url, /path,
    # /selectors and /extension — consider migrating when this list is next
    # touched.
    dispatcher_farm_filters:
      - '# deny everything'
      - '/0001 { /glob "*" /type "deny" }'
      - '# open consoles'
      - '/0015 { /type "allow" /url "/system/sling/logout.html"} # Enable Log Out'
      - '# allow non-public content directories'
      # NOTE(review): "* /bin/*" opens every servlet registered under /bin for
      # every HTTP method; only /bin/crxde/logs is denied again further down.
      # An allow-list of the specific servlets the site needs is the tighter
      # form.
      - '/0025 { /type "allow" /glob "* /bin/*" } # allow servlet access'
      # NOTE(review): the leading "*" matches any method, so POST to any path
      # under /content is already allowed here; rules /0415 and /0420 below add
      # nothing on top of it. Restricting this rule to GET would make those two
      # POST rules the effective allow-list.
      - '/0035 { /type "allow" /glob "* /content/*" }'
      - '# enable specific mime types in non-public content directories'
      - '/0300 { /type "allow" /url "*.css"   } # enable css'
      - '/0305 { /type "allow" /url "*.gif"   } # enable gifs'
      - '/0310 { /type "allow" /url "*.ico"   } # enable icos'
      - '/0315 { /type "allow" /url "*.js"    } # enable javascript'
      - '/0320 { /type "allow" /url "*.png"   } # enable png'
      - '/0325 { /type "allow" /url "*.swf"   } # enable flash'
      - '/0330 { /type "allow" /url "*.svg"   } # enable SVG'
      - '/0335 { /type "allow" /url "*.woff"  } # enable woff'
      - '/0340 { /type "allow" /url "*.ttf"   } # enable ttf'
      - '/0345 { /type "allow" /url "*.eot"   } # enable eot'
      - '/0350 { /type "allow" /url "*.jpg"   } # enable jpg'
      - '/0355 { /type "allow" /url "*.woff2" } # enable woff2'
      # Allows any URL ending in .json; the "deny content grabbing" rules
      # below narrow this again for the JSON renderings that dump repository
      # content.
      - '/0356 { /type "allow" /url "*.json"  } # enable json'
      - '# enable features'
      - '/0400 { /type "allow" /glob "GET /libs/cq/i18n/dict.en.json" }'
      - '/0405 { /type "allow" /glob "* /libs/cq/personalization/*" }'
      - '/0410 { /type "allow" /glob "GET /libs/cq/security/userinfo.json*" }'
      - '/0415 { /type "allow" /glob "POST /content/[.]*.form.html" } # allow POSTs to form selectors under content'
      - '/0420 { /type "allow" /glob "POST /content/[.]*.commerce.cart.json" } # allow POSTs to update ecommerce'
      - '# block specific paths'
      - '/0500 { /type "deny" /glob "GET /etc/reports*" }'
      - '/0505 { /type "deny" /glob "GET /etc/replication*" }'
      - '/0510 { /type "deny" /glob "* /libs/shindig/proxy*" }'
      - '/0515 { /type "deny" /glob "* /bin/crxde/logs*" } # block logs access'
      - '/0520 { /type "deny" /glob "GET /apps.*" }'
      # These denies keep the default JSON/XML renderers from being used to
      # export content trees through the public site.
      - '# deny content grabbing'
      - '/0700 { /type "deny" /glob "* *.infinity.json*" }'
      - '/0705 { /type "deny" /glob "* *.-1.json*" }'
      - '/0710 { /type "deny" /glob "* *.tidy.json*" }'
      - '/0715 { /type "deny" /glob "* *.sysview.xml*" }'
      - '/0720 { /type "deny" /glob "* *.docview.json*" }'
      - '/0725 { /type "deny" /glob "* *.docview.xml*" }'
      # Disabled rule: the leading '#' is inside the string, so it is
      # presumably written to dispatcher.any as a comment.
      - '#/0730 { /type "deny" /glob "* /content/*.xml*" }'
      - '/0735 { /type "deny" /glob "* *.query.*" }'
      - '/0745 { /type "deny" /glob "* *..json*" }'
      - '/0750 { /type "deny" /glob "* *.feed*" }'
      - '/0755 { /type "deny" /glob "* /etc/designs/*.xml*" }'
      - '/0760 { /type "deny" /glob "* *.export.zip*" }'
      - '/0765 { /type "deny" /glob "* *.export.*.zip*" }'
      - '/0770 { /type "deny" /glob "* *.*[0-9].*.json*" }'
      - '/0775 { /type "deny" /glob "* *.*[0-9].json*" }'
      - '/0780 { /type "deny" /glob "* *.json/*" }'
      - '# deny query'
      # Superset of /0735 above ("*.query*" also matches "*.query.*").
      - '/0800 { /type "deny" /glob "* *.query*" }'
      # The allows below come after the denies, so they re-open their paths
      # even where an earlier deny matched. Keep any new allow in this group
      # as narrow as the existing ones.
      - '# Enabled Paths/Features'
      - '/0900 { /type "allow" /glob "GET /content/*sitemap.xml*" } # Allow sitemap.xml requests'
      - '/0905 { /type "allow" /glob "* /etc/clientcontext/default/contextstores/twitterprofiledata/loader.json*" } # Enable Client Context'
      # NOTE(review): "/9010" looks like a typo for "/0910". The label is
      # presumably only a name and does not change evaluation order, but it
      # breaks the numbering the rest of the list follows.
      - '/9010 { /type "allow" /glob "GET /etc/clientcontext/default/content/jcr:content/stores.init.js*" }'
      - '/0915 { /type "allow" /glob "* /etc/clientcontext/default/contextstores/fb*/loader.json*" } # Enable Client Context'
      - '/0920 { /type "allow" /glob "* /etc/clientcontext/customclientcontext*"} # Enable Client Context'
      - '/0925 { /type "allow" /url "/libs/granite/csrf/token.json"} # Enable CSRF Token'
    # Cache directory for this farm; also the vhost docroot defined later.
    dispatcher_farm_docroot: "{{ docroot_base_dir }}/publish"
    dispatcher_farm_statfileslevel: 0
    # 0 keeps responses to authenticated requests out of the shared cache.
    dispatcher_farm_allowAuthorized: 0
    dispatcher_farm_serveStaleOnError: 0
    # What may be written to the cache: everything except /bin servlets and
    # JSON responses.
    dispatcher_farm_cache_rules:
      - '/0000 { /type "allow" /glob "*" }'
      - '/0005 { /type "deny"  /glob "/bin/*" }'
      - '/0010 { /type "deny"  /glob "*.json*" }'
    # Which cached files an invalidation removes automatically.
    dispatcher_farm_invalidate:
      - '/0000 { /type "deny"  /glob "*" }'
      - '/0005 { /type "allow" /glob "*.html" }'
      - '/0010 { /type "allow" /glob "/etc/segmentation.segment.js" }'
      - '/0015 { /type "allow" /glob "*/analytics.sitecatalyst.js" }'
    # Who may send cache-invalidation requests: loopback only. This keeps
    # outside clients from flushing the cache. A publisher or flush agent on
    # another host has to be added here explicitly by IP.
    dispatcher_farm_allowedClients:
      - '/0000 { /type "deny"  /glob "*" }'
      - '/0005 { /type "allow" /glob "127.0.0.1" }    # Allow from self'
    # No query parameter is ignored, so a request carrying any query string is
    # not served from the cache and goes to the publisher.
    # NOTE(review): requests with arbitrary parameters therefore reach the
    # renderer every time; if that load matters, ignore all parameters and
    # deny (i.e. keep significant) only the ones the site really uses.
    dispatcher_farm_ignoreUrlParams:
      - '/0001 { /glob "*" /type "deny" }'

# File lists consumed by the Apache role; each entry is presumably a file or
# template shipped with the role and installed into the matching directory.

# Include files shared by all vhosts.
common_includes:
  - http_global.conf

# Files for the conf/ directory.
conf_files:
  - httpd.conf
  - magic

# Module-loading configuration for conf.modules.d/.
# NOTE(review): 00-dav.conf, 00-lua.conf and 00-proxy.conf load modules a
# dispatcher front end may not need; confirm each is required, since unused
# modules only add attack surface.
conf_modules_d_files:
  - 00-base.conf
  - 00-dav.conf
  - 00-lua.conf
  - 00-mpm.conf
  - 00-proxy.conf
  - 00-ssl.conf
  - 00-systemd.conf

# Drop-in configuration for conf.d/.
confd_files:
  - autoindex.conf
  - blocked.conf
  - compression.conf
  - header.conf
  - log.conf
  - ssi.conf
  - ssl.conf
  - userdir.conf
  - welcome.conf

# Rewrite rule files.
rewrite_files:
  - http_vhost_base.conf
  - http_global.conf

# TLS material installed into the ssl/ directory.
# NOTE(review): 3share.key is a private key. Confirm it is stored encrypted
# (Ansible Vault) in the repository and that the role installs it root-owned
# with mode 0600.
ssl_files:
  - 3share.crt
  - 3share.key
  - 3share.ca.crt

# Virtual hosts to render. The single default vhost serves the publish
# dispatcher cache directory.
vhosts:
  - servername: 01-publisher
    # Same directory as dispatcher_farm_docroot, so Apache serves cached files
    # straight from disk.
    docroot: "{{ docroot_base_dir }}/publish"
    serveralias:
      - "site.3sharecorp.com"
    logname: publish
    log_dir: "{{ logs_base_dir }}"
    includes:
      - http_vhost_base.conf
    # Raw mod_ssl directives; the relative paths are presumably resolved
    # against apache_root. Protocol and cipher settings are not set here and
    # presumably come from ssl.conf in confd_files — confirm they are hardened
    # there.
    # NOTE(review): SSLCertificateChainFile is deprecated on Apache 2.4.8 and
    # later, where the chain can be appended to the SSLCertificateFile.
    ssl:
      - "SSLCertificateFile       ssl/3share.crt"
      - "SSLCertificateKeyFile    ssl/3share.key"
      - "SSLCertificateChainFile  ssl/3share.ca.crt"
