summaryrefslogtreecommitdiffstats
path: root/setup
diff options
context:
space:
mode:
Diffstat (limited to 'setup')
-rw-r--r--setup/configs/labels.yml6
-rw-r--r--setup/configs/openshift.yml12
-rw-r--r--setup/configs/secrets.yml10
-rw-r--r--setup/configs/volumes.yml37
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.d/README9
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf94
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf217
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf36
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf18
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf67
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf3
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf1
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf19
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf20
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf16
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf1
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf2
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf14
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf353
-rw-r--r--setup/projects/katrin/files/etc/apache2-kaas/conf/magic385
l---------setup/projects/katrin/files/etc/apache2-kaas/logs1
l---------setup/projects/katrin/files/etc/apache2-kaas/modules1
l---------setup/projects/katrin/files/etc/apache2-kaas/run1
-rw-r--r--setup/projects/katrin/files/www/kaas/index.html1
-rw-r--r--setup/projects/katrin/keys/kaas.crt22
-rw-r--r--setup/projects/katrin/keys/kaas.key90
-rw-r--r--setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl43
-rw-r--r--setup/projects/katrin/templates/katrin.yml.j2.bk135
-rw-r--r--setup/projects/katrin/vars/globals.yml2
-rw-r--r--setup/projects/katrin/vars/katrin.yml7
-rw-r--r--setup/projects/katrin/vars/pods.yml22
-rw-r--r--setup/users/htpasswd3
l---------setup/users/users.yml1
33 files changed, 1649 insertions, 0 deletions
diff --git a/setup/configs/labels.yml b/setup/configs/labels.yml
new file mode 100644
index 0000000..1c5f19f
--- /dev/null
+++ b/setup/configs/labels.yml
@@ -0,0 +1,6 @@
+---
+ands_openshift_labels:
+ region: "infra"
+ zone: "default"
+ master: "{{ ( 'masters' in group_names ) | ternary(1, 0) }}"
+ fat_storage: "{{ ( 'storage_nodes' in group_names ) | ternary(1, 0) }}"
diff --git a/setup/configs/openshift.yml b/setup/configs/openshift.yml
new file mode 100644
index 0000000..eb3af3e
--- /dev/null
+++ b/setup/configs/openshift.yml
@@ -0,0 +1,12 @@
+---
+ands_openshift_projects:
+ katrin: KArlsruhe TRItium Neutrino
+
+ands_openshift_users:
+ pdv: IPE Administation Account
+ katrin: KATRIN Project
+ csa: Suren A. Chilingaryan <csa@suren.me>
+
+ands_openshift_roles:
+ cluster-admin: csa, pdv
+ katrin/admin: katrin
diff --git a/setup/configs/secrets.yml b/setup/configs/secrets.yml
new file mode 100644
index 0000000..5005be0
--- /dev/null
+++ b/setup/configs/secrets.yml
@@ -0,0 +1,10 @@
+$ANSIBLE_VAULT;1.1;AES256
+30383738386265633133306363326639656331333736303966633133333661383561373533303966
+6361396564626437656237663035616461656661316265610a306336373231616136393330616632
+39376265346133303332363235303635383239336463633234616261643161643639313732313536
+3264636131353136640a623238663037336261303063313564303665386561643030373064356536
+61633136393138656533336563346635656531376161376639656436343437326538366336643734
+35363464646131316366626234613737366633626166376339313832646239626265333637613261
+32353535356537323533373831396138326239643937623865613731373165393633626331623839
+66323039393136313431383264633731653965386261613336376263396531333862306562313337
+38346465613831613566353233346634373032663537353633643330363136343264
diff --git a/setup/configs/volumes.yml b/setup/configs/volumes.yml
new file mode 100644
index 0000000..2546f1c
--- /dev/null
+++ b/setup/configs/volumes.yml
@@ -0,0 +1,37 @@
+---
+ands_paths:
+ provision: /mnt/provision
+ openshift: /mnt/openshift
+ temporary: /mnt/temporary
+
+ands_heketi_domain:
+ servers: "storage_nodes"
+ volumes:
+ heketidbstorage: { type: "cfg" }
+
+ands_storage_domains:
+ - servers: "ands_storage_servers"
+ clients: "ands_servers"
+ volumes:
+ provision: { type: "cfg", mount: "{{ ands_paths.provision }}" }
+ - servers: "storage_nodes"
+ clients: "nodes"
+ volumes:
+ openshift: { type: "cfg", mount: "{{ ands_paths.openshift }}" }
+ temporary: { type: "tmp", mount: "{{ ands_paths.temporary }}" }
+# - ovirt:
+# - pdv:
+
+
+# Per project list (to distribute in multiple namespaces later)
+ands_openshift_volumes:
+ etc: { volume: "openshift", path: "/etc" }
+ src: { volume: "openshift", path: "/src" }
+ www: { volume: "openshift", path: "/www" }
+ log: { volume: "temporary", path: "/log", write: true}
+ tmp: { volume: "temporary", path: "/tmp", write: true}
+
+
+# Global list, we only take things from the volume of project
+ands_openshift_files:
+ - { osv: "etc", path: "apache2-kaas", state: "directory" }
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/README b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/README
new file mode 100644
index 0000000..f5e9661
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/README
@@ -0,0 +1,9 @@
+
+This directory holds configuration files for the Apache HTTP Server;
+any files in this directory which have the ".conf" extension will be
+processed as httpd configuration files. The directory is used in
+addition to the directory /etc/httpd/conf.modules.d/, which contains
+configuration files necessary to load modules.
+
+Files are processed in alphabetical order.
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf
new file mode 100644
index 0000000..55f658e
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/autoindex.conf
@@ -0,0 +1,94 @@
+#
+# Directives controlling the display of server-generated directory listings.
+#
+# Required modules: mod_authz_core, mod_authz_host,
+# mod_autoindex, mod_alias
+#
+# To see the listing of a directory, the Options directive for the
+# directory must include "Indexes", and the directory must not contain
+# a file matching those listed in the DirectoryIndex directive.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing HTMLTable VersionSort
+
+# We include the /icons/ alias for FancyIndexed directory listings. If
+# you do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "/opt/rh/httpd24/root/usr/share/httpd/icons/"
+
+<Directory "/opt/rh/httpd24/root/usr/share/httpd/icons">
+ Options Indexes MultiViews FollowSymlinks
+ AllowOverride None
+ Require all granted
+</Directory>
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif /core
+AddIcon /icons/bomb.gif */core.*
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes.
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf
new file mode 100644
index 0000000..a70324b
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/ssl.conf
@@ -0,0 +1,217 @@
+#
+# When we also provide SSL we have to listen to the
+# the HTTPS port in addition.
+#
+Listen 0.0.0.0:8443 https
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+SSLPassPhraseDialog builtin
+
+# Inter-Process Session Cache:
+# Configure the SSL Session Cache: First the mechanism
+# to use and second the expiring timeout (in seconds).
+SSLSessionCache shmcb:/opt/rh/httpd24/root/var/run/httpd/sslcache(512000)
+SSLSessionCacheTimeout 300
+
+# Pseudo Random Number Generator (PRNG):
+# Configure one or more sources to seed the PRNG of the
+# SSL library. The seed data should be of good random quality.
+# WARNING! On some platforms /dev/random blocks if not enough entropy
+# is available. This means you then cannot use the /dev/random device
+# because it would lead to very long connection times (as long as
+# it requires to make more entropy available). But usually those
+# platforms additionally provide a /dev/urandom device which doesn't
+# block. So, if available, use this one instead. Read the mod_ssl User
+# Manual for more details.
+SSLRandomSeed startup file:/dev/urandom 256
+SSLRandomSeed connect builtin
+#SSLRandomSeed startup file:/dev/random 512
+#SSLRandomSeed connect file:/dev/random 512
+#SSLRandomSeed connect file:/dev/urandom 512
+
+#
+# Use "SSLCryptoDevice" to enable any supported hardware
+# accelerators. Use "openssl engine -v" to list supported
+# engine names. NOTE: If you enable an accelerator and the
+# server does not start, consult the error logs and ensure
+# your accelerator is functioning properly.
+#
+SSLCryptoDevice builtin
+#SSLCryptoDevice ubsec
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:8443>
+
+# General setup for the virtual host, inherited from global configuration
+#DocumentRoot "/var/www/html"
+#ServerName www.example.com:8443
+
+# Use separate log files for the SSL virtual host; note that LogLevel
+# is not inherited from httpd.conf.
+ErrorLog |/usr/bin/cat
+TransferLog |/usr/bin/cat
+LogLevel warn
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+# SSL Protocol support:
+# List the enable protocol levels with which clients will be able to
+# connect. Disable SSLv2 access by default:
+SSLProtocol all -SSLv2
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_ssl documentation for a complete list.
+SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+
+# Speed-optimized SSL Cipher configuration:
+# If speed is your main concern (on busy HTTPS servers e.g.),
+# you might want to force clients to specific, performance
+# optimized ciphers. In this case, prepend those ciphers
+# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
+# Caveat: by giving precedence to RC4-SHA and AES128-SHA
+# (as in the example below), most connections will no longer
+# have perfect forward secrecy - if the server's key is
+# compromised, captures of past or future traffic must be
+# considered compromised, too.
+#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
+#SSLHonorCipherOrder on
+
+# Server Certificate:
+# Point SSLCertificateFile at a PEM encoded certificate. If
+# the certificate is encrypted, then you will be prompted for a
+# pass phrase. Note that a kill -HUP will prompt again. A new
+# certificate can be generated using the genkey(1) command.
+SSLCertificateFile /etc/pki/tls/certs/localhost.crt
+
+# Server Private Key:
+# If the key is not combined with the certificate, use this
+# directive to point at the key file. Keep in mind that if
+# you've both a RSA and a DSA private key you can configure
+# both in parallel (to also allow the use of DSA ciphers, etc.)
+SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
+
+# Server Certificate Chain:
+# Point SSLCertificateChainFile at a file containing the
+# concatenation of PEM encoded CA certificates which form the
+# certificate chain for the server certificate. Alternatively
+# the referenced file can be the same as SSLCertificateFile
+# when the CA certificates are directly appended to the server
+# certificate for convinience.
+#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
+
+# Certificate Authority (CA):
+# Set the CA certificate verification path where to find CA
+# certificates for client authentication or alternatively one
+# huge file containing all of them (file must be PEM encoded)
+#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+
+# Client Authentication (Type):
+# Client certificate verification type and depth. Types are
+# none, optional, require and optional_no_ca. Depth is a
+# number which specifies how deeply to verify the certificate
+# issuer chain before deciding the certificate is not valid.
+#SSLVerifyClient require
+#SSLVerifyDepth 10
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_ssl documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+ SSLOptions +StdEnvVars
+</Files>
+<Directory "/var/www/cgi-bin">
+ SSLOptions +StdEnvVars
+</Directory>
+
+# SSL Protocol Adjustments:
+# The safe and default but still SSL/TLS standard compliant shutdown
+# approach is that mod_ssl sends the close notify alert but doesn't wait for
+# the close notify alert from client. When you need a different shutdown
+# approach you can use one of the following variables:
+# o ssl-unclean-shutdown:
+# This forces an unclean shutdown when the connection is closed, i.e. no
+# SSL close notify alert is send or allowed to received. This violates
+# the SSL/TLS standard but is needed for some brain-dead browsers. Use
+# this when you receive I/O errors because of the standard approach where
+# mod_ssl sends the close notify alert.
+# o ssl-accurate-shutdown:
+# This forces an accurate shutdown when the connection is closed, i.e. a
+# SSL close notify alert is send and mod_ssl waits for the close notify
+# alert of the client. This is 100% SSL/TLS standard compliant, but in
+# practice often causes hanging connections with brain-dead browsers. Use
+# this only for browsers where you know that their SSL implementation
+# works correctly.
+# Notice: Most problems of broken clients are also related to the HTTP
+# keep-alive facility, so you usually additionally want to disable
+# keep-alive for those clients, too. Use variable "nokeepalive" for this.
+# Similarly, one has to force some clients to use HTTP/1.0 to workaround
+# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
+# "force-response-1.0" for this.
+BrowserMatch "MSIE [2-5]" \
+ nokeepalive ssl-unclean-shutdown \
+ downgrade-1.0 force-response-1.0
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+CustomLog |/usr/bin/cat \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf
new file mode 100644
index 0000000..b5d7a49
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/userdir.conf
@@ -0,0 +1,36 @@
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+# The path to the end user account 'public_html' directory must be
+# accessible to the webserver userid. This usually means that ~userid
+# must have permissions of 711, ~userid/public_html must have permissions
+# of 755, and documents contained therein must be world-readable.
+# Otherwise, the client will only receive a "403 Forbidden" message.
+#
+<IfModule mod_userdir.c>
+ #
+ # UserDir is disabled by default since it can confirm the presence
+ # of a username on the system (depending on home directory
+ # permissions).
+ #
+ UserDir disabled
+
+ #
+ # To enable requests to /~user/ to serve the user's public_html
+ # directory, remove the "UserDir disabled" line above, and uncomment
+ # the following line instead:
+ #
+ #UserDir public_html
+</IfModule>
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+<Directory "/home/*/public_html">
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require method GET POST OPTIONS
+</Directory>
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf
new file mode 100644
index 0000000..34b4b72
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.d/welcome.conf
@@ -0,0 +1,18 @@
+#
+# This configuration file enables the default "Welcome" page if there
+# is no default index page present for the root URL. To disable the
+# Welcome page, comment out all the lines below.
+#
+# NOTE: if this file is removed, it will be restored on upgrades.
+#
+<LocationMatch "^/+$">
+ Options -Indexes
+ ErrorDocument 403 /.noindex.html
+</LocationMatch>
+
+<Directory /opt/rh/httpd24/root/usr/share/httpd/noindex>
+ AllowOverride None
+ Require all granted
+</Directory>
+
+Alias /.noindex.html /opt/rh/httpd24/root/usr/share/httpd/noindex/index.html
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf
new file mode 100644
index 0000000..c109de6
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-base.conf
@@ -0,0 +1,67 @@
+#
+# This file loads most of the modules included with the Apache HTTP
+# Server itself.
+#
+
+LoadModule access_compat_module modules/mod_access_compat.so
+LoadModule actions_module modules/mod_actions.so
+LoadModule alias_module modules/mod_alias.so
+LoadModule allowmethods_module modules/mod_allowmethods.so
+LoadModule auth_basic_module modules/mod_auth_basic.so
+LoadModule auth_digest_module modules/mod_auth_digest.so
+LoadModule authn_anon_module modules/mod_authn_anon.so
+LoadModule authn_core_module modules/mod_authn_core.so
+LoadModule authn_dbd_module modules/mod_authn_dbd.so
+LoadModule authn_dbm_module modules/mod_authn_dbm.so
+LoadModule authn_file_module modules/mod_authn_file.so
+LoadModule authn_socache_module modules/mod_authn_socache.so
+LoadModule authz_core_module modules/mod_authz_core.so
+LoadModule authz_dbd_module modules/mod_authz_dbd.so
+LoadModule authz_dbm_module modules/mod_authz_dbm.so
+LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
+LoadModule authz_host_module modules/mod_authz_host.so
+LoadModule authz_owner_module modules/mod_authz_owner.so
+LoadModule authz_user_module modules/mod_authz_user.so
+LoadModule autoindex_module modules/mod_autoindex.so
+LoadModule cache_module modules/mod_cache.so
+LoadModule cache_disk_module modules/mod_cache_disk.so
+LoadModule cache_socache_module modules/mod_cache_socache.so
+LoadModule data_module modules/mod_data.so
+LoadModule dbd_module modules/mod_dbd.so
+LoadModule deflate_module modules/mod_deflate.so
+LoadModule dir_module modules/mod_dir.so
+LoadModule dumpio_module modules/mod_dumpio.so
+LoadModule echo_module modules/mod_echo.so
+LoadModule env_module modules/mod_env.so
+LoadModule expires_module modules/mod_expires.so
+LoadModule ext_filter_module modules/mod_ext_filter.so
+LoadModule filter_module modules/mod_filter.so
+LoadModule headers_module modules/mod_headers.so
+LoadModule http2_module modules/mod_http2.so
+LoadModule include_module modules/mod_include.so
+LoadModule info_module modules/mod_info.so
+LoadModule log_config_module modules/mod_log_config.so
+LoadModule logio_module modules/mod_logio.so
+LoadModule macro_module modules/mod_macro.so
+LoadModule mime_magic_module modules/mod_mime_magic.so
+LoadModule mime_module modules/mod_mime.so
+LoadModule negotiation_module modules/mod_negotiation.so
+LoadModule remoteip_module modules/mod_remoteip.so
+LoadModule reqtimeout_module modules/mod_reqtimeout.so
+LoadModule request_module modules/mod_request.so
+LoadModule rewrite_module modules/mod_rewrite.so
+LoadModule setenvif_module modules/mod_setenvif.so
+LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
+LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
+LoadModule socache_dbm_module modules/mod_socache_dbm.so
+LoadModule socache_memcache_module modules/mod_socache_memcache.so
+LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
+LoadModule status_module modules/mod_status.so
+LoadModule substitute_module modules/mod_substitute.so
+LoadModule suexec_module modules/mod_suexec.so
+LoadModule unique_id_module modules/mod_unique_id.so
+LoadModule unixd_module modules/mod_unixd.so
+LoadModule userdir_module modules/mod_userdir.so
+LoadModule version_module modules/mod_version.so
+LoadModule vhost_alias_module modules/mod_vhost_alias.so
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf
new file mode 100644
index 0000000..e6af8de
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-dav.conf
@@ -0,0 +1,3 @@
+LoadModule dav_module modules/mod_dav.so
+LoadModule dav_fs_module modules/mod_dav_fs.so
+LoadModule dav_lock_module modules/mod_dav_lock.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf
new file mode 100644
index 0000000..9e0d0db
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-lua.conf
@@ -0,0 +1 @@
+LoadModule lua_module modules/mod_lua.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf
new file mode 100644
index 0000000..7bfd1d4
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-mpm.conf
@@ -0,0 +1,19 @@
+# Select the MPM module which should be used by uncommenting exactly
+# one of the following LoadModule lines:
+
+# prefork MPM: Implements a non-threaded, pre-forking web server
+# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+
+# worker MPM: Multi-Processing Module implementing a hybrid
+# multi-threaded multi-process web server
+# See: http://httpd.apache.org/docs/2.4/mod/worker.html
+#
+#LoadModule mpm_worker_module modules/mod_mpm_worker.so
+
+# event MPM: A variant of the worker MPM with the goal of consuming
+# threads only for connections with active processing
+# See: http://httpd.apache.org/docs/2.4/mod/event.html
+#
+#LoadModule mpm_event_module modules/mod_mpm_event.so
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf
new file mode 100644
index 0000000..70bda5e
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-optional.conf
@@ -0,0 +1,20 @@
+#
+# This file lists modules included with the Apache HTTP Server
+# which are not enabled by default.
+#
+
+#LoadModule asis_module modules/mod_asis.so
+#LoadModule buffer_module modules/mod_buffer.so
+#LoadModule file_cache_module modules/mod_file_cache.so
+#LoadModule watchdog_module modules/mod_watchdog.so
+#LoadModule heartbeat_module modules/mod_heartbeat.so
+#LoadModule heartmonitor_module modules/mod_heartmonitor.so
+#LoadModule usertrack_module modules/mod_usertrack.so
+#LoadModule dialup_module modules/mod_dialup.so
+#LoadModule charset_lite_module modules/mod_charset_lite.so
+#LoadModule log_debug_module modules/mod_log_debug.so
+#LoadModule log_forensic_module modules/mod_log_forensic.so
+#LoadModule ratelimit_module modules/mod_ratelimit.so
+#LoadModule reflector_module modules/mod_reflector.so
+#LoadModule sed_module modules/mod_sed.so
+#LoadModule speling_module modules/mod_speling.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf
new file mode 100644
index 0000000..cc0bca0
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-proxy.conf
@@ -0,0 +1,16 @@
+# This file configures all the proxy modules:
+LoadModule proxy_module modules/mod_proxy.so
+LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
+LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
+LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
+LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
+LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
+LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+LoadModule proxy_connect_module modules/mod_proxy_connect.so
+LoadModule proxy_express_module modules/mod_proxy_express.so
+LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
+LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
+LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
+LoadModule proxy_http_module modules/mod_proxy_http.so
+LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
+LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf
new file mode 100644
index 0000000..53235cd
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-ssl.conf
@@ -0,0 +1 @@
+LoadModule ssl_module modules/mod_ssl.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf
new file mode 100644
index 0000000..b208c97
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/00-systemd.conf
@@ -0,0 +1,2 @@
+# This file configures systemd module:
+LoadModule systemd_module modules/mod_systemd.so
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf
new file mode 100644
index 0000000..5b8b936
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf.modules.d/01-cgi.conf
@@ -0,0 +1,14 @@
+# This configuration file loads a CGI module appropriate to the MPM
+# which has been configured in 00-mpm.conf. mod_cgid should be used
+# with a threaded MPM; mod_cgi with the prefork MPM.
+
+<IfModule mpm_worker_module>
+ LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_event_module>
+ LoadModule cgid_module modules/mod_cgid.so
+</IfModule>
+<IfModule mpm_prefork_module>
+ LoadModule cgi_module modules/mod_cgi.so
+</IfModule>
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf b/setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf
new file mode 100644
index 0000000..88fcb97
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf/httpd.conf
@@ -0,0 +1,353 @@
+#
+# This is the main Apache HTTP server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
+# In particular, see
+# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
+# for a discussion of each configuration directive.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
+# with ServerRoot set to '/www' will be interpreted by the
+# server as '/www/log/access_log', where as '/log/access_log' will be
+# interpreted as '/log/access_log'.
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# Do not add a slash at the end of the directory path. If you point
+# ServerRoot at a non-local disk, be sure to specify a local disk on the
+# Mutex directive, if file-based mutexes are used. If you wish to share the
+# same ServerRoot for multiple httpd daemons, you will need to change at
+# least PidFile.
+#
+ServerRoot "/opt/rh/httpd24/root/etc/httpd"
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses.
+#
+#Listen 12.34.56.78:80
+Listen 0.0.0.0:8080
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+Include conf.modules.d/*.conf
+
+#
+# If you wish httpd to run as a different user or group, you must run
+# httpd as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run httpd as.
+# It is usually good practice to create a dedicated user and group for
+# running httpd, as with most system services.
+#
+User default
+Group root
+
+# 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@your-domain.com
+#
+ServerAdmin root@localhost
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+#
+#ServerName www.example.com:80
+
+#
+# Deny access to the entirety of your server's filesystem. You must
+# explicitly permit access to web content directories in other
+# <Directory> blocks below.
+#
+<Directory />
+ AllowOverride none
+ Require all denied
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "/opt/rh/httpd24/root/var/www/html"
+
+#
+# Relax access to content within /opt/rh/httpd24/root/var/www.
+#
+<Directory "/opt/rh/httpd24/root/var/www">
+ AllowOverride None
+ # Allow open access:
+ Require all granted
+</Directory>
+
+# Further relax access to the default document root:
+<Directory "/opt/rh/httpd24/root/var/www/html">
+ #
+ # Possible values for the Options directive are "None", "All",
+ # or any combination of:
+ # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+ #
+ # Note that "MultiViews" must be named *explicitly* --- "Options All"
+ # doesn't give it to you.
+ #
+ # The Options directive is both complicated and important. Please see
+ # http://httpd.apache.org/docs/2.4/mod/core.html#options
+ # for more information.
+ #
+ Options Indexes FollowSymLinks
+
+ #
+ # AllowOverride controls what directives may be placed in .htaccess files.
+ # It can be "All", "None", or any combination of the keywords:
+ # Options FileInfo AuthConfig Limit
+ #
+ AllowOverride All
+
+ #
+ # Controls who can get stuff from this server.
+ #
+ Require all granted
+</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+<IfModule dir_module>
+ DirectoryIndex index.html
+</IfModule>
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<Files ".ht*">
+ Require all denied
+</Files>
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog |/usr/bin/cat
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+LogLevel warn
+
+<IfModule log_config_module>
+ #
+ # The following directives define some format nicknames for use with
+ # a CustomLog directive (see below).
+ #
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+ LogFormat "%h %l %u %t \"%r\" %>s %b" common
+
+ <IfModule logio_module>
+ # You need to enable mod_logio.c to use %I and %O
+ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+ </IfModule>
+
+ #
+ # The location and format of the access logfile (Common Logfile Format).
+ # If you do not define any access logfiles within a <VirtualHost>
+ # container, they will be logged here. Contrariwise, if you *do*
+ # define per-<VirtualHost> access logfiles, transactions will be
+ # logged therein and *not* in this file.
+ #
+ #CustomLog "logs/access_log" common
+
+ #
+ # If you prefer a logfile with access, agent, and referer information
+ # (Combined Logfile Format) you can use the following directive.
+ #
+ CustomLog |/usr/bin/cat combined
+</IfModule>
+
+<IfModule alias_module>
+ #
+ # Redirect: Allows you to tell clients about documents that used to
+ # exist in your server's namespace, but do not anymore. The client
+ # will make a new request for the document at its new location.
+ # Example:
+ # Redirect permanent /foo http://www.example.com/bar
+
+ #
+ # Alias: Maps web paths into filesystem paths and is used to
+ # access content that does not live under the DocumentRoot.
+ # Example:
+ # Alias /webpath /full/filesystem/path
+ #
+ # If you include a trailing / on /webpath then the server will
+ # require it to be present in the URL. You will also likely
+ # need to provide a <Directory> section to allow access to
+ # the filesystem path.
+
+ #
+ # ScriptAlias: This controls which directories contain server scripts.
+ # ScriptAliases are essentially the same as Aliases, except that
+ # documents in the target directory are treated as applications and
+ # run by the server when requested rather than as documents sent to the
+ # client. The same rules about trailing "/" apply to ScriptAlias
+ # directives as to Alias.
+ #
+ ScriptAlias /cgi-bin/ "/opt/rh/httpd24/root/var/www/cgi-bin/"
+
+</IfModule>
+
+#
+# "/opt/rh/httpd24/root/var/www/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "/opt/rh/httpd24/root/var/www/cgi-bin">
+ AllowOverride None
+ Options None
+ Require all granted
+</Directory>
+
+<IfModule mime_module>
+ #
+ # TypesConfig points to the file containing the list of mappings from
+ # filename extension to MIME-type.
+ #
+ TypesConfig /etc/mime.types
+
+ #
+ # AddType allows you to add to or override the MIME configuration
+ # file specified in TypesConfig for specific file types.
+ #
+ #AddType application/x-gzip .tgz
+ #
+ # AddEncoding allows you to have certain browsers uncompress
+ # information on the fly. Note: Not all browsers support this.
+ #
+ #AddEncoding x-compress .Z
+ #AddEncoding x-gzip .gz .tgz
+ #
+ # If the AddEncoding directives above are commented-out, then you
+ # probably should define those extensions to indicate media types:
+ #
+ AddType application/x-compress .Z
+ AddType application/x-gzip .gz .tgz
+
+ #
+ # AddHandler allows you to map certain file extensions to "handlers":
+ # actions unrelated to filetype. These can be either built into the server
+ # or added with the Action directive (see below)
+ #
+ # To use CGI scripts outside of ScriptAliased directories:
+ # (You will also need to add "ExecCGI" to the "Options" directive.)
+ #
+ #AddHandler cgi-script .cgi
+
+ # For type maps (negotiated resources):
+ #AddHandler type-map var
+
+ #
+ # Filters allow you to process content before it is sent to the client.
+ #
+ # To parse .shtml files for server-side includes (SSI):
+ # (You will also need to add "Includes" to the "Options" directive.)
+ #
+ AddType text/html .shtml
+ AddOutputFilter INCLUDES .shtml
+</IfModule>
+
+#
+# Specify a default charset for all content served; this enables
+# interpretation of all content as UTF-8 by default. To use the
+# default browser choice (ISO-8859-1), or to allow the META tags
+# in HTML content to override this choice, comment out this
+# directive:
+#
+AddDefaultCharset UTF-8
+
+<IfModule mime_magic_module>
+ #
+ # The mod_mime_magic module allows the server to use various hints from the
+ # contents of the file itself to determine its type. The MIMEMagicFile
+ # directive tells the module where the hint definitions are located.
+ #
+ MIMEMagicFile conf/magic
+</IfModule>
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# EnableMMAP and EnableSendfile: On systems that support it,
+# memory-mapping or the sendfile syscall may be used to deliver
+# files. This usually improves server performance, but must
+# be turned off when serving from networked-mounted
+# filesystems or if support for these functions is otherwise
+# broken on your system.
+# Defaults if commented: EnableMMAP On, EnableSendfile Off
+#
+#EnableMMAP off
+EnableSendfile on
+
+# Supplemental configuration
+#
+# Load config files in the "/etc/httpd/conf.d" directory, if any.
+IncludeOptional conf.d/*.conf
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/conf/magic b/setup/projects/katrin/files/etc/apache2-kaas/conf/magic
new file mode 100644
index 0000000..7c56119
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/conf/magic
@@ -0,0 +1,385 @@
+# Magic data for mod_mime_magic Apache module (originally for file(1) command)
+# The module is described in /manual/mod/mod_mime_magic.html
+#
+# The format is 4-5 columns:
+# Column #1: byte number to begin checking from, ">" indicates continuation
+# Column #2: type of data to match
+# Column #3: contents of data to match
+# Column #4: MIME type of result
+# Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff: file(1) magic for locally observed files
+# Add any locally observed files here.
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Java
+
+0 short 0xcafe
+>2 short 0xbabe application/java
+
+#------------------------------------------------------------------------------
+# audio: file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0 string .snd
+>12 belong 1 audio/basic
+>12 belong 2 audio/basic
+>12 belong 3 audio/basic
+>12 belong 4 audio/basic
+>12 belong 5 audio/basic
+>12 belong 6 audio/basic
+>12 belong 7 audio/basic
+
+>12 belong 23 audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0 lelong 0x0064732E
+>12 lelong 1 audio/x-dec-basic
+>12 lelong 2 audio/x-dec-basic
+>12 lelong 3 audio/x-dec-basic
+>12 lelong 4 audio/x-dec-basic
+>12 lelong 5 audio/x-dec-basic
+>12 lelong 6 audio/x-dec-basic
+>12 lelong 7 audio/x-dec-basic
+# compressed (G.721 ADPCM)
+>12 lelong 23 audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+# AIFF audio data
+8 string AIFF audio/x-aiff
+# AIFF-C audio data
+8 string AIFC audio/x-aiff
+# IFF/8SVX audio data
+8 string 8SVX audio/x-aiff
+
+# Creative Labs AUDIO stuff
+# Standard MIDI data
+0 string MThd audio/unknown
+#>9 byte >0 (format %d)
+#>11 byte >1 using %d channels
+# Creative Music (CMF) data
+0 string CTMF audio/unknown
+# SoundBlaster instrument data
+0 string SBI audio/unknown
+# Creative Labs voice data
+0 string Creative\ Voice\ File audio/unknown
+## is this next line right? it came this way...
+#>19 byte 0x1A
+#>23 byte >0 - version %d
+#>22 byte >0 \b.%d
+
+# [GRR 950115: is this also Creative Labs? Guessing that first line
+# should be string instead of unknown-endian long...]
+#0 long 0x4e54524b MultiTrack sound data
+#0 string NTRK MultiTrack sound data
+#>4 long x - version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
+# Microsoft RIFF
+0 string RIFF audio/unknown
+# - WAVE format
+>8 string WAVE audio/x-wav
+# MPEG audio.
+0 beshort&0xfff0 0xfff0 audio/mpeg
+# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
+0 string PSID audio/prs.sid
+
+#------------------------------------------------------------------------------
+# c-lang: file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0 string /*\ XPM image/x-xbm 7bit
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+# C or REXX program text
+0 string /* text/plain
+# C++ program text
+0 string // text/plain
+
+#------------------------------------------------------------------------------
+# compress: file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+0 string \037\235 application/octet-stream x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+0 string \037\213 application/octet-stream x-gzip
+
+# According to gzip.h, this is the correct byte order for packed data.
+0 string \037\036 application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0 short 017437 application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0 short 0x1fff application/octet-stream
+0 string \377\037 application/octet-stream
+# huf output
+0 short 0145405 application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats. Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+#0 leshort 0x76FF squeezed data (CP/M, DOS)
+#0 leshort 0x76FE crunched data (CP/M, DOS)
+
+# Freeze
+#0 string \037\237 Frozen file 2.1
+#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0 string \037\240 LZH compressed data
+
+#------------------------------------------------------------------------------
+# frame: file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0 string \<MakerFile application/x-frame
+0 string \<MIFFile application/x-frame
+0 string \<MakerDictionary application/x-frame
+0 string \<MakerScreenFon application/x-frame
+0 string \<MML application/x-frame
+0 string \<Book application/x-frame
+0 string \<Maker application/x-frame
+
+#------------------------------------------------------------------------------
+# html: file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+# and Anna Shergold <anna@inext.co.uk>
+#
+0 string \<!DOCTYPE\ HTML text/html
+0 string \<!doctype\ html text/html
+0 string \<HEAD text/html
+0 string \<head text/html
+0 string \<TITLE text/html
+0 string \<title text/html
+0 string \<html text/html
+0 string \<HTML text/html
+0 string \<!-- text/html
+0 string \<h1 text/html
+0 string \<H1 text/html
+
+# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
+0 string \<?xml text/xml
+
+#------------------------------------------------------------------------------
+# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR: what the hell is this doing in here?]
+#0 string xbtoa btoa'd file
+
+# PBMPLUS
+# PBM file
+0 string P1 image/x-portable-bitmap 7bit
+# PGM file
+0 string P2 image/x-portable-greymap 7bit
+# PPM file
+0 string P3 image/x-portable-pixmap 7bit
+# PBM "rawbits" file
+0 string P4 image/x-portable-bitmap
+# PGM "rawbits" file
+0 string P5 image/x-portable-greymap
+# PPM "rawbits" file
+0 string P6 image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR: this *must* go before TIFF]
+0 string IIN1 image/x-niff
+
+# TIFF and friends
+# TIFF file, big-endian
+0 string MM image/tiff
+# TIFF file, little-endian
+0 string II image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115: this was mine ("Zip GIF"):
+# ZIF image (GIF+deflate alpha)
+0 string GIF94z image/unknown
+#
+# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
+# FGF image (GIF+deflate beta)
+0 string FGF95a image/unknown
+#
+# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+# PBF image (deflate compression)
+0 string PBF image/unknown
+
+# GIF
+0 string GIF image/gif
+
+# JPEG images
+0 beshort 0xffd8 image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
+0 string BM image/bmp
+#>14 byte 12 (OS/2 1.x format)
+#>14 byte 64 (OS/2 2.x format)
+#>14 byte 40 (Windows 3.x format)
+#0 string IC icon
+#0 string PI pointer
+#0 string CI color icon
+#0 string CP color pointer
+#0 string BA bitmap array
+
+0 string \x89PNG image/png
+0 string FWS application/x-shockwave-flash
+0 string CWS application/x-shockwave-flash
+
+#------------------------------------------------------------------------------
+# lisp: file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string ;; text/plain 8bit
+# Emacs 18 - this is always correct, but not very magical.
+0 string \012( application/x-elc
+# Emacs 19
+0 string ;ELC\023\000\000\000 application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news: file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0 string Relay-Version: message/rfc822 7bit
+0 string #!\ rnews message/rfc822 7bit
+0 string N#!\ rnews message/rfc822 7bit
+0 string Forward\ to message/rfc822 7bit
+0 string Pipe\ to message/rfc822 7bit
+0 string Return-Path: message/rfc822 7bit
+0 string Path: message/news 8bit
+0 string Xref: message/news 8bit
+0 string From: message/rfc822 7bit
+0 string Article message/news 8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0 string \376\067\0\043 application/msword
+0 string \333\245-\0\0\0 application/msword
+
+# disable this one because it applies also to other
+# Office/OLE documents for which msword is not correct. See PR#2608.
+#0 string \320\317\021\340\241\261 application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer: file(1) magic for printer-formatted files
+#
+
+# PostScript
+0 string %! application/postscript
+0 string \004%! application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0 string %PDF- application/pdf
+
+#------------------------------------------------------------------------------
+# sc: file(1) magic for "sc" spreadsheet
+#
+38 string Spreadsheet application/x-sc
+
+#------------------------------------------------------------------------------
+# tex: file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0 string \367\002 application/x-dvi
+#0 string \367\203 TeX generic font data
+#0 string \367\131 TeX packed font data
+#0 string \367\312 TeX virtual font data
+#0 string This\ is\ TeX, TeX transcript text
+#0 string This\ is\ METAFONT, METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data. The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+#2 string \000\021 TeX font metric data
+#2 string \000\022 TeX font metric data
+#>34 string >\0 (%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+#0 string \\input\ texinfo Texinfo source text
+#0 string This\ is\ Info\ file GNU Info text
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0 leshort 0x02f7 application/x-dvi
+
+# RTF - Rich Text Format
+0 string {\\rtf application/rtf
+
+#------------------------------------------------------------------------------
+# animation: file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# MPEG file
+0 string \000\000\001\263 video/mpeg
+#
+# The contributor claims:
+# I couldn't find a real magic number for these, however, this
+# -appears- to work. Note that it might catch other files, too,
+# so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+# DL file version 1 , medium format (160x100, 4 images/screen)
+0 byte 1 video/unknown
+0 byte 2 video/unknown
+# Quicktime video, from Linus Walleij <triad@df.lth.se>
+# from Apple quicktime file format documentation.
+4 string moov video/quicktime
+4 string mdat video/quicktime
+
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/logs b/setup/projects/katrin/files/etc/apache2-kaas/logs
new file mode 120000
index 0000000..2a478fd
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/logs
@@ -0,0 +1 @@
+/var/log/httpd24 \ No newline at end of file
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/modules b/setup/projects/katrin/files/etc/apache2-kaas/modules
new file mode 120000
index 0000000..a4c456b
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/modules
@@ -0,0 +1 @@
+/opt/rh/httpd24/root/usr/lib64/httpd/modules \ No newline at end of file
diff --git a/setup/projects/katrin/files/etc/apache2-kaas/run b/setup/projects/katrin/files/etc/apache2-kaas/run
new file mode 120000
index 0000000..c1a28cf
--- /dev/null
+++ b/setup/projects/katrin/files/etc/apache2-kaas/run
@@ -0,0 +1 @@
+/opt/rh/httpd24/root/var/run/httpd \ No newline at end of file
diff --git a/setup/projects/katrin/files/www/kaas/index.html b/setup/projects/katrin/files/www/kaas/index.html
new file mode 100644
index 0000000..906ee19
--- /dev/null
+++ b/setup/projects/katrin/files/www/kaas/index.html
@@ -0,0 +1 @@
+<html><body>KAAS</body></html>
diff --git a/setup/projects/katrin/keys/kaas.crt b/setup/projects/katrin/keys/kaas.crt
new file mode 100644
index 0000000..82ef723
--- /dev/null
+++ b/setup/projects/katrin/keys/kaas.crt
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
+BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK
+DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN
+MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG
+A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD
+VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B
+AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I
+ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU
+GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n
+qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH
+DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3
+060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV
+HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu
+cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL
+ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x
+G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs
+WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6
+/ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE
+qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp
+j5rXZ3Oda5tHYrnPsA==
+-----END CERTIFICATE-----
diff --git a/setup/projects/katrin/keys/kaas.key b/setup/projects/katrin/keys/kaas.key
new file mode 100644
index 0000000..3d766c8
--- /dev/null
+++ b/setup/projects/katrin/keys/kaas.key
@@ -0,0 +1,90 @@
+$ANSIBLE_VAULT;1.1;AES256
+38323634333239303134316164343132636432356331393634343164663065353733323732656339
+6363343738363234626565343665326365343366363166370a623263626134646332393231656566
+37366136353864366562633832316338353233653930333430383235643337623433393464613765
+3734626432316164300a656139383462653761306435346433346637616565393132396137376661
+64643835393132633831386638613764613164663036356233663861653138613465663434643161
+36333666323862636665396261333532313833393038326339343136363239356235313463333661
+61316664366437333064336531333538333734356238323561626163313031383833613233386438
+64616337323230626463643535393831666363373864393432633539323732393266356232636663
+63303263393337643831376537386666373737656364663162663164353961323264373462366636
+38346163396139636131323134613337613164623533353163616539643333623264336434333662
+33386538646239336639303230653335626434633131336135393831656666326130383034656664
+65313766623466663138333062343061393532353630363532656139373939643362613265626461
+31666166393433646135353936373836636435613432646435643264653338306532656361316537
+62316164393638356635633931316537326262343561663165643837396365653461356432666433
+32326262336164376663343363353134373563653933616531653936333265383762613534363832
+36393765383032383762383961623462306334323463353739663362363336343130633935383064
+35396531343032656335623239373565376633313665313132656162626535656133633063396131
+31333936623738653435633562623061393961343736323539373464303735376266353232393639
+61353661663934313333363935346164316664616632396434353436646437313861303763326430
+34363335653564373963376162393836353234306534306334666263633261366434663265333134
+63633431303530616637633731366539613538313839653864336436633230303730653935366661
+62303765383834663230303334373865346630643739363336366537343465346361313530643436
+35653533313565663638363432656239366261316261613437353933643365623766353838386430
+39386539636332373732356334656365646362336539623934353337623264663866323866323966
+62633932316136623866393461333866396333373934333461323533323866303533333737366261
+33383131303932663231646238343661363565613466333463303262343831653839323162613134
+64633465343932643465653934646533366266656437616337643537383932623238633230346462
+39396263393431663631383931303063666539336432663730623338366439343739316539663364
+38626233333561313836616634306437653662323265633832343632336633396634326364323531
+38633836343063653037623666396534303032366136333737663562633763323831663265343466
+65643361643436613533386139336238633032616235363035396532646637383338383639393861
+65346661616534313764313738363131336235333662353735333466656635393233336332616435
+39326338323436646337313935373535396165386338626563363863633139353038373434613466
+35613565313734346361643664366533666663396664326164396534303638333831666631323063
+33343032636331643464633237363561653236656663346232663465663936633335643765666435
+62306536313464363333656437313264323065663436373464356338623264313464623937313934
+32623234393163653732376663333263633031626335353033613937393661336338383463626534
+30373261663732373535643831626565666136336666396130636434373034316132353238656234
+37646133383164356566306665393432376561383435653463363239343136303133373433346231
+38623833643863633433306466376639633066623733333435316233326539303239666232616264
+62306436613931303032653734633737613066653235623930386261626565643436653632336639
+36313066663933366562366236633965323534336361646131383432393634646564306532656162
+39303430643534333338663962346266663532623064303133366662313661626139373236636664
+63326435623838613039386134303663323439373639616634633266353334653737666434383037
+34306638306264393434653630373661373564613935303766363039666333303161373533316134
+36343632626265306239656361383939353736343139373437373162303437623236666137633666
+62626364353164373237306330313464623363643466343439653465353938663831323634363634
+37386635396261306366376630326534613337356235613863313632326435356461353730343339
+34393636316333373435326236363238656332616333393663653465326434396262313466336365
+38336635363762313530616666666335653865376363623965333064366462373030333735333630
+62653965666630613061646265376130626263313032323038626430383233666563646639373339
+30313032393237623634666464383635396431393866303530383235633265313161383563363532
+66336261336638616335356262303436633765363336616535633734313037383136313635313366
+33303963383135343064613637353432666461353661643834376666386633663964663565386465
+39616634343835323362613362376662326463633139653163313437636238386430623234663936
+63623566393434303937343461366361363661653364626265366630333036623735323435306332
+35666265383130313438353965353239343135663937613362323530323734626234633037326135
+32336266373734623534353239373238333333626537666433636261653333626137653335656331
+30326563666664316537316633643661626239366536333134376662643735386634396430633132
+39636266656131363063343731643366376664623062656262396235663636386564346364373533
+63633961656539386630643639383162303661656134363334373166303233346263646335393535
+37373131633834316239326265326266386230383430653564663138636334323736313363303561
+32353932366637316433333538353032396339366538636261613963613865396231646437313339
+63376635656466346165626361336161333638366166356431336361343761613431303161626462
+36613266393633643333386238656161393337326637353464646264356139326466353763393465
+33383564323333313861336565323762386539303737306362613930646330653636396466303238
+38636365343234663436363334303439666366366462633537393362623133376430616136376235
+33616561353764643236636633633561633230303338613136343537353236316666376537393836
+35383336626662353562383034653532303663613033316534623832333633633737613266343665
+34393235623231336533613331643566303237623238663762393331373636623065643666393137
+61383264356564663165326266626263303363376634303238323861633533396137666163343162
+64636633333033373138313133346539333634373265396231653665323062396432383435393864
+32633763646230343639646637626434353336346265643439653863366335363935343934623334
+32636534366435383863353065393731613361343336633364303061303432366230393431393939
+33666632656135343263373934326262643936383337343137353434633434636535623835346439
+30653437376538373961306439343966343039303262396339343866313937383231616465336332
+64663434643466336665376462356561353266313730336435623832643230376434636536356163
+34613964343132356233623966316462643737613234373466643164353133303837653237306536
+62616661373466383232353861653734363562343337343333353763656562616535373536306461
+66303131616163623835363366653737643933383938383735353635646234613064316533346330
+63633732326434653939323534366637333932313637326536316430326338666263343163363735
+35333435353238396236316132393838663430313137346362313865386135646234346530346261
+63373062303637336662373763393239646133633933613066643263326130396134343332633464
+32613061383665666266353264653732663765353832656364396235313339626565656133653735
+63663230316533666462396436396465363333363862356330656565633466363439363338383339
+37386462623035393931313938653064376239393863643831633431333633373938363132333030
+61623539636430316431616162383963663061353164313735306365353965336233663239656336
+30346531383561356439323062333263646536646232643263353533653563653634633962343933
+36356164306132386530373437396263393461373036333938343763386664653462
diff --git a/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl
new file mode 100644
index 0000000..d155267
--- /dev/null
+++ b/setup/projects/katrin/templates/00-katrin-restricted.yml.j2.excl
@@ -0,0 +1,43 @@
+---
+allowHostDirVolumePlugin: false
+allowHostIPC: false
+allowHostNetwork: false
+allowHostPID: false
+allowHostPorts: false
+allowPrivilegedContainer: false
+allowedCapabilities: null
+apiVersion: v1
+defaultAddCapabilities: null
+fsGroup:
+ type: MustRunAs
+groups:
+- system:authenticated
+kind: SecurityContextConstraints
+metadata:
+ annotations:
+ kubernetes.io/description: restricted denies access to all host features and requires
+ pods to be run with a UID, and SELinux context that are allocated to the namespace. This
+ is the most restrictive SCC.
+ creationTimestamp: null
+ name: katrin-restricted
+priority: null
+readOnlyRootFilesystem: false
+requiredDropCapabilities:
+- KILL
+- MKNOD
+- SYS_CHROOT
+- SETUID
+- SETGID
+runAsUser:
+ type: MustRunAsRange
+seLinuxContext:
+ type: MustRunAs
+supplementalGroups:
+ type: RunAsAny
+volumes:
+- glusterfs
+- configMap
+- downwardAPI
+- emptyDir
+- persistentVolumeClaim
+- secret
diff --git a/setup/projects/katrin/templates/katrin.yml.j2.bk b/setup/projects/katrin/templates/katrin.yml.j2.bk
new file mode 100644
index 0000000..5d032b3
--- /dev/null
+++ b/setup/projects/katrin/templates/katrin.yml.j2.bk
@@ -0,0 +1,135 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+ name: kaas
+ annotations:
+ descriptions: "KATRIN Routing Service"
+objects:
+ - apiVersion: v1
+ kind: Service
+ metadata:
+ name: kaas
+ spec:
+ selector:
+ name: kaas
+ ports:
+ - name: http
+ port: 80
+ targetPort: 8080
+ - name: https
+ port: 443
+ targetPort: 8443
+ - apiVersion: v1
+ kind: Route
+ metadata:
+ name: kaas
+ spec:
+ host: {{ kaas_project_config.katrin_node }}
+ to:
+ kind: Service
+ name: kaas
+ port:
+ targetPort: http
+ tls:
+ termination: edge
+ insecureEdgeTerminationPolicy: Allow
+ certificate: |-
+ -----BEGIN CERTIFICATE-----
+ MIIDmTCCAoGgAwIBAgIJAOnpyunJRkjVMA0GCSqGSIb3DQEBBQUAMGMxCzAJBgNV
+ BAYTAkRFMQswCQYDVQQIDAJCVzESMBAGA1UEBwwJS2FybHNydWhlMQwwCgYDVQQK
+ DANLSVQxDDAKBgNVBAsMA0lQRTEXMBUGA1UEAwwOa2F0cmluLmtpdC5lZHUwHhcN
+ MTQxMjE5MDEwMTEyWhcNMjQxMjE2MDEwMTEyWjBjMQswCQYDVQQGEwJERTELMAkG
+ A1UECAwCQlcxEjAQBgNVBAcMCUthcmxzcnVoZTEMMAoGA1UECgwDS0lUMQwwCgYD
+ VQQLDANJUEUxFzAVBgNVBAMMDmthdHJpbi5raXQuZWR1MIIBIjANBgkqhkiG9w0B
+ AQEFAAOCAQ8AMIIBCgKCAQEAyJ9+nKbhK4AaVyVH/jmAxPFC/o2shejmFL9jIE4I
+ ryrdnirepxcgvd2xcpTYeOb5TMKKFtJmqeW3jPOB3jAEyLzvuy1aYwd/DNx4A9VU
+ GO2shdqjPMaBOk4KjsjZnt+8toWJeABYsJ4nATpbM0ijkX6RqQoRboiaKWlvo10n
+ qMfGmQjMR+lC5uhF5hWhHwD+qPigEFGYis73dgFDhydfl4pzPXBySv4hM4zHvHHH
+ DO0QipGIxwmMrw4U/y4snN1hDCPFDJN3WehK4lt7tD8Ea1VwikCLh2eZ+v94BQC3
+ 060hHIC4lEhtTaDsNXrGIwzqVP9TPuOVEOgEAjxyN12D0wIDAQABo1AwTjAdBgNV
+ HQ4EFgQUGTmlNR3S73QucufU1P+8TehunFQwHwYDVR0jBBgwFoAUGTmlNR3S73Qu
+ cufU1P+8TehunFQwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfwuL
+ ayz7Mg1YzX3RUISmN0rJYFS9u57qaWkGK5LX5s/6T9Ppzjd3sPcFwryycumcNJ3x
+ G9iIuTX1n1/uPdwdulgGRtsq3vl1zLgI/at0UIZJxnQPxr73n8o5o9W5FFVRsJTs
+ WN2t7DurOQi0nLiIG+qmHHrRmFpSsgeegM720VCS9Wf434r0XZVMNl1ngIk4ppo6
+ /ecuRTxpv+iOM4j/QqFwXNZQwjGv3o1UZELJ9RMDVY7zGyL/77cu6Iz6aLVy3QrE
+ qMexD5/zZTnrKc4dWmuQSDqgMJeLdyebxZnYT8LLLr/QtUMmm1iLCw1MuY4tmPIp
+ j5rXZ3Oda5tHYrnPsA==
+ -----END CERTIFICATE-----
+ key: |-
+ -----BEGIN PRIVATE KEY-----
+ MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDIn36cpuErgBpX
+ JUf+OYDE8UL+jayF6OYUv2MgTgivKt2eKt6nFyC93bFylNh45vlMwooW0map5beM
+ 84HeMATIvO+7LVpjB38M3HgD1VQY7ayF2qM8xoE6TgqOyNme37y2hYl4AFiwnicB
+ OlszSKORfpGpChFuiJopaW+jXSeox8aZCMxH6ULm6EXmFaEfAP6o+KAQUZiKzvd2
+ AUOHJ1+XinM9cHJK/iEzjMe8cccM7RCKkYjHCYyvDhT/Liyc3WEMI8UMk3dZ6Eri
+ W3u0PwRrVXCKQIuHZ5n6/3gFALfTrSEcgLiUSG1NoOw1esYjDOpU/1M+45UQ6AQC
+ PHI3XYPTAgMBAAECggEAFFXubIyR2Gn0wY6a3I8RmWTnKIxNx4kTAVlg/95JDRBo
+ RGcOCJvUispU+UtTIfYvoPM7MhMDqwcI8vWf3Vi6s2pLVorDVbRl0XTriV/vVVOK
+ IEtILpnkcXeFpHGBdZQyOcIRbCOE2eo+A+bZZbpgMhhFRYAqwiyAi+APG90ObxIb
+ AqTEeTyztqyrKfnTdr50owL2KT7adS6XuSUNX681IJc+szbQ7piXN57Kdxd2PydM
+ JnSZAOBpQHkbiOEDUseeDjYRT23loeMIS7nWTwo1Y1LwsEKL5S7C0fKBfZV9xARw
+ TntGuM87HzbAk4535We8qW3t/5EqpzurgK7u9/PEEQKBgQDjy8CjDdobGK9+VUDg
+ iHbANbzEB4LrpVJiE+esr0iLXOoMdfTPwpd4XpbPPOjx/A9+6VfpdGt1EdZwLMpy
+ qryPW0iumsri3iPSVBS79mN6WmwYhNOcOTWlmbs4pEhubht9aNBi7rZ7QZgV3PLN
+ 7YBZHzxfyxTcIBCAzzoF7zaUeQKBgQDhdneOijWAYx0AMKTBzJw52KO/gloTDl9M
+ mOhvUIuYxkUE/mDE5EqI6k9VkbAqUvlD3z2S7yNY+h2hldO+u3w8GPo+bTCMyNDB
+ 0tQGCZnbKl8mfmItUlTyJ/MmNbanmYI2VmhDTMh6S8d8qKW9txXfDEXrzY2p7z/X
+ gRF3Ow9PqwKBgGw7CMHv+Ora5bbehr6n19QnNBLnhrqzh9r1niOb/JnKgaF+Ad0c
+ lZ8pQfog9ITUwAAKmixflha/bOVLQr0Mhh6Ovo/HGBKGfPqX3GoZ/NXLVISpx2j4
+ fZa63gthctCVHBaP0ELRLH6PgdURb4OMDmlJwAO7l6Om0HCDBQyAxavxAoGAZPUJ
+ QBh/MIgxGj6t5+HZKsXpPP3/m3zaC5CEtCOa/sP5b+0AI+odvgU9lRFxkuIon828
+ 4qiWaWdGEW7nrAaD8N02YPG/xaq+X6wqKLHv5QWqKbB6AdVWGEDvTfLLYW0Js48p
+ jMk7FBgOsbFK1hK/hmsWfCpE/w0Ux0kSKxOVHZUCgYEA41rhW18+KdxJyQTZaQRV
+ 0KQr8/30L116XYYTYrkILa6504nXMr7xSHuMxaPNl20b/sBz8a8VuKJt2CLZQ0Q3
+ oW3GAG2Fk+mvrauLriiJ2KgZkS5IJweJKHbIk1GQrucNArNojk9unrqN8wpa3Ywo
+ 9GafqnfUGu+FVd1CKolicSA=
+ -----END PRIVATE KEY-----
+ - apiVersion: v1
+ kind: DeploymentConfig
+ metadata:
+ name: kaas
+ spec:
+ replicas: 1
+ selector:
+ name: kaas
+ template:
+ metadata:
+ name: kaas
+ labels:
+ name: kaas
+ strategy:
+ type: Rolling
+ triggers:
+ - type: ConfigChange
+ spec:
+ nodeSelector:
+ master: "1"
+ containers:
+ - name: kaas
+ image: centos/httpd-24-centos7
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 8080
+ - containerPort: 8443
+ volumeMounts:
+ - name: config
+ subPath: etc/apache2-kaas
+ mountPath: /etc/httpd
+ - name: config
+ subPath: log/apache2-kaas
+ mountPath: /var/log/httpd24
+ - name: config
+ subPath: htdocs/kaas
+ mountPath: /opt/rh/httpd24/root/var/www/html
+ livenessProbe:
+ timeoutSeconds: 1
+ initialDelaySeconds: 3
+ httpGet:
+ path: /index.html
+ port: 8080
+ volumes:
+ - name: config
+ persistentVolumeClaim:
+ claimName: openshift
diff --git a/setup/projects/katrin/vars/globals.yml b/setup/projects/katrin/vars/globals.yml
new file mode 100644
index 0000000..50776ff
--- /dev/null
+++ b/setup/projects/katrin/vars/globals.yml
@@ -0,0 +1,2 @@
+#katrin_node: katrin.kit.edu
+katrin_node: "katrin.{{ openshift_master_default_subdomain }}"
diff --git a/setup/projects/katrin/vars/katrin.yml b/setup/projects/katrin/vars/katrin.yml
new file mode 100644
index 0000000..c825654
--- /dev/null
+++ b/setup/projects/katrin/vars/katrin.yml
@@ -0,0 +1,7 @@
+#katrin_openshift_volumes:
+#adei_openshift_volumes:
+
+#volumes: "{{ ands_openshift_volumes | combine (katrin_openshift_volumes, adei_openshift_volumes) }}"
+#files: "{{ ands_openshift_files | union([]) }}"
+#file_owner: katrin
+#file_group: katrin \ No newline at end of file
diff --git a/setup/projects/katrin/vars/pods.yml b/setup/projects/katrin/vars/pods.yml
new file mode 100644
index 0000000..3bfcfd7
--- /dev/null
+++ b/setup/projects/katrin/vars/pods.yml
@@ -0,0 +1,22 @@
+# First port is exposed
+pods:
+ kaas:
+ service: { host: "{{ katrin_node }}", ports: [ 80/8080, 443/8043 ] }
+ sched: { replicas: 1, selector: { master: 1 } }
+ selector: { master: 1 }
+ images:
+ - image: "centos/httpd-24-centos7"
+ mappings:
+ - { name: "etc", path: "apache2-kaas", mount: "/etc/httpd24" }
+ - { name: "www", path: "kaas", mount: "/opt/rh/httpd24/root/var/www/html" }
+ - { name: "log", path: "apache2-kaas", mount: "/var/log/httpd24" }
+ probes:
+ - { port: 8080, path: '/index.html' }
+
+#oc:
+# - template: "[0-3]*"
+# - template: "[4-6]*"
+# - resource: "route/apache"
+# oc: "expose svc/kaas --name apache --hostname=apache.{{ openshift_master_default_subdomain }}"
+# - template: "*"
+ \ No newline at end of file
diff --git a/setup/users/htpasswd b/setup/users/htpasswd
new file mode 100644
index 0000000..cf0d67e
--- /dev/null
+++ b/setup/users/htpasswd
@@ -0,0 +1,3 @@
+pdv:$apr1$ACvj6uUa$Nm1Vq8hZq3RzTtaYpAHv01
+csa:$apr1$IqEwdnzy$UAdd8ZSFnXommBbj29w3c0
+katrin:$apr1$/hxgbxC4$/MxeHtIYvAJcIQFR5Jz0E0
diff --git a/setup/users/users.yml b/setup/users/users.yml
new file mode 120000
index 0000000..b201d8a
--- /dev/null
+++ b/setup/users/users.yml
@@ -0,0 +1 @@
+../configs/openshift.yml \ No newline at end of file