| | 16 | === Apache Recommended Settings === |
| | 17 | |
| | 18 | SCDB has no strong requirement concerning Apache configuration. It generally uses 3 distinct URLs for 3 different purposes : |
| | 19 | * Profiles : machine profiles are served by one specific URL shared by all machines. The files there are XML files produces by the PAN compiler when executing `ant deploy`. |
| | 20 | * Kickstart configuration files : this URL is used to store the Kickstart configuration file for each machines. These files are produced by `aii-shellfe --configure`. |
| | 21 | * RPM packages : RPMs are grouped in repositories, each repository has its own URL. This is a common setting to have one common parent URL for all repositories but this is not at all a requirement. |
| | 22 | |
| | 23 | Recommended setting for these 3 areas are : |
| | 24 | * Restrict access to profile and Kickstart configuration to IP adresses (or subnets) matching Quattor clients, as these files may contain sensitive information like encrypted passwords or MySQL passwords (cleartext). |
| | 25 | * Configure all these areas to ignore any `index.html` file and auto-indexing. This is particularly important for RPM repositories URLs, as presence of an `index.html` will prevent SCDB tools to get the list of RPMs in the repository. Recommended settings for these areas are : |
| | 26 | {{{ |
| | 27 | Options Indexes |
| | 28 | DirectoryIndex VeryUnlikelyDirectoryIndex.none |
| | 29 | AllowOverride None |
| | 30 | }}} |
