| 16 | === Apache Recommended Settings === |
| 17 | |
| 18 | SCDB has no strong requirement concerning Apache configuration. It generally uses 3 distinct URLs for 3 different purposes : |
| 19 | * Profiles : machine profiles are served by one specific URL shared by all machines. The files there are XML files produces by the PAN compiler when executing `ant deploy`. |
| 20 | * Kickstart configuration files : this URL is used to store the Kickstart configuration file for each machines. These files are produced by `aii-shellfe --configure`. |
| 21 | * RPM packages : RPMs are grouped in repositories, each repository has its own URL. This is a common setting to have one common parent URL for all repositories but this is not at all a requirement. |
| 22 | |
| 23 | Recommended setting for these 3 areas are : |
| 24 | * Restrict access to profile and Kickstart configuration to IP adresses (or subnets) matching Quattor clients, as these files may contain sensitive information like encrypted passwords or MySQL passwords (cleartext). |
| 25 | * Configure all these areas to ignore any `index.html` file and auto-indexing. This is particularly important for RPM repositories URLs, as presence of an `index.html` will prevent SCDB tools to get the list of RPMs in the repository. Recommended settings for these areas are : |
| 26 | {{{ |
| 27 | Options Indexes |
| 28 | DirectoryIndex VeryUnlikelyDirectoryIndex.none |
| 29 | AllowOverride None |
| 30 | }}} |