Project

General

Profile

Statistics
| Branch: | Tag: | Revision:

installer/config/foreman.hiera @ 5eb2c13b

Name Size
  family
  tuning
common.yaml 762 Bytes
security.yaml 32 Bytes

Latest revisions

# Date Author Comment
5eb2c13b 10/31/2022 12:11 PM Eric Helms

Fixes #35564 - Use Redis 6 on EL8
52bf7a31 10/28/2022 01:31 PM Ewoud Kohl van Wijngaarden

Fixes #35631 - Enable HTTP/2 by default

Apache doesn't load HTTP/2 by default since it's incompatible with the
prefork MPM. We use the event MPM where it should work. Enabling HTTP/2
allows clients to retrieve resources in parallel which means pages load...
899eea85 10/28/2022 01:31 PM Ewoud Kohl van Wijngaarden

Refs #35629 - Use built in Apache defaults on EL

Currently unreleased, but puppetlabs/apache will respect the EL8
defaults. It follows the system level configuration for TLS protocols,
which out of the box is TLSv1.2 & TLSv1.3.

It still keeps stricter security on Debian since there the default still...
7e35242e 10/26/2022 04:17 PM Ewoud Kohl van Wijngaarden

Refs #35629 - Use the correct cipher profile

Fixes: 8472875da9a6b94c8c5dd3696d697e671934afc1
8472875d 10/24/2022 04:26 PM Ewoud Kohl van Wijngaarden

Fixes #35629 - Default Apache to PROFILE=system ciphers

At least on EL8 it's possible to use PROFILE=system for SSLCipherSuite
and SSLProxyCipherSuite. This allows admins to configure the cipher
suite on a system level and it also means we don't have to keep our...
61099c43 07/05/2022 01:40 PM Ewoud Kohl van Wijngaarden

Remove mentions of Apache prefork settings

There is no setup where prefork is used after EL7 support was dropped.
While users can still manually switch the MPM module, we don't support
this.

Fixes: 344905158ad04395a65a56564d460e0d4e9ad27c
34490515 06/28/2022 04:42 PM Eric Helms

Drop EL7 support
640dfc6b 04/29/2022 12:29 PM William Clark

Fixes #20889 - Use event mpm module with Apache
b2b6eea6 04/26/2022 02:09 PM William Clark

Fixes #34590 - Enable only minimum apache modules

The puppetlabs-apache module installs Apache httpd with a set of default Apache modules, some of which are not necessary for our use case. This commit reduces that set of Apache modules to a minimum, by setting `apache::default_mods: false` in `config/foreman.hiera/common.yaml`. The user can enable additional modules if desired by overriding `apache::default_mods` in custom-hiera.yaml with a list of Apache modules. For more information, see documentation for puppetlabs-apache.
8d7fb8ef 03/29/2022 10:46 AM Ewoud Kohl van Wijngaarden

Fixes #32323 - Correct PostgreSQL service name on EL7

While we do install the -server-syspaths package (which allows using the
non-SCL name), due to implementation details the systemd override files
must be created on the original name. Otherwise they do not have any...

View revisions

Also available in: Atom